* [PATCH 5.10 000/452] 5.10.121-rc1 review
@ 2022-06-07 16:57 Greg Kroah-Hartman
2022-06-07 16:57 ` [PATCH 5.10 001/452] arm64: Initialize jump labels before setup_machine_fdt() Greg Kroah-Hartman
` (457 more replies)
0 siblings, 458 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, slade
This is the start of the stable review cycle for the 5.10.121 release.
There are 452 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Thu, 09 Jun 2022 16:48:02 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.121-rc1.gz
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Linux 5.10.121-rc1
Jia-Ju Bai <baijiaju1990@gmail.com>
md: bcache: check the return value of kzalloc() in detached_dev_do_request()
Eric Biggers <ebiggers@google.com>
ext4: only allow test_dummy_encryption when supported
Maciej W. Rozycki <macro@orcam.me.uk>
MIPS: IP30: Remove incorrect `cpu_has_fpu' override
Maciej W. Rozycki <macro@orcam.me.uk>
MIPS: IP27: Remove incorrect `cpu_has_fpu' override
Xiao Yang <yangx.jy@fujitsu.com>
RDMA/rxe: Generate a completion for unsupported/invalid opcode
Jason A. Donenfeld <Jason@zx2c4.com>
Revert "random: use static branch for crng_ready()"
Jan Kara <jack@suse.cz>
block: fix bio_clone_blkg_association() to associate with proper blkcg_gq
Jan Kara <jack@suse.cz>
bfq: Make sure bfqg for which we are queueing requests is online
Jan Kara <jack@suse.cz>
bfq: Get rid of __bio_blkcg() usage
Jan Kara <jack@suse.cz>
bfq: Remove pointless bfq_init_rq() calls
Jan Kara <jack@suse.cz>
bfq: Drop pointless unlock-lock pair
Jan Kara <jack@suse.cz>
bfq: Avoid merging queues with different parents
Daniel Lezcano <daniel.lezcano@linaro.org>
thermal/core: Fix memory leak in the error path
Ziyang Xuan <william.xuanziyang@huawei.com>
thermal/core: fix a UAF bug in __thermal_cooling_device_register()
Waiman Long <longman@redhat.com>
kseltest/cgroup: Make test_stress.sh work if run interactively
Dave Chinner <dchinner@redhat.com>
xfs: assert in xfs_btree_del_cursor should take into account error
Brian Foster <bfoster@redhat.com>
xfs: consider shutdown in bmapbt cursor delete assert
Darrick J. Wong <djwong@kernel.org>
xfs: force log and push AIL to clear pinned inodes when aborting mount
Brian Foster <bfoster@redhat.com>
xfs: restore shutdown check in mapped write fault path
Darrick J. Wong <djwong@kernel.org>
xfs: fix incorrect root dquot corruption error when switching group/project quota types
Darrick J. Wong <djwong@kernel.org>
xfs: fix chown leaking delalloc quota blocks when fssetxattr fails
Brian Foster <bfoster@redhat.com>
xfs: sync lazy sb accounting on quiesce of read-only mounts
Jeffrey Mitchell <jeffrey.mitchell@starlab.io>
xfs: set inode size after creating symlink
Alex Elder <elder@linaro.org>
net: ipa: fix page free in ipa_endpoint_replenish_one()
Alex Elder <elder@linaro.org>
net: ipa: fix page free in ipa_endpoint_trans_release()
Johan Hovold <johan+linaro@kernel.org>
phy: qcom-qmp: fix reset-controller leak on probe errors
Mao Jinlong <quic_jinlmao@quicinc.com>
coresight: core: Fix coresight device probe failure issue
Tejun Heo <tj@kernel.org>
blk-iolatency: Fix inflight count imbalances and IO hangs on offline
Eugenio Pérez <eperezma@redhat.com>
vdpasim: allow to enable a vq repeatedly
Dinh Nguyen <dinguyen@kernel.org>
dt-bindings: gpio: altera: correct interrupt-cells
Akira Yokosawa <akiyks@gmail.com>
docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0
Steve French <stfrench@microsoft.com>
SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op
Arnd Bergmann <arnd@arndb.de>
ARM: pxa: maybe fix gpio lookup tables
Jonathan Bakker <xc-racer2@live.ca>
ARM: dts: s5pv210: Remove spi-cs-high on panel in Aries
Johan Hovold <johan+linaro@kernel.org>
phy: qcom-qmp: fix struct clk leak on probe errors
Kathiravan T <quic_kathirav@quicinc.com>
arm64: dts: qcom: ipq8074: fix the sleep clock frequency
Xiaomeng Tong <xiam0nd.tong@gmail.com>
gma500: fix an incorrect NULL check on list iterator
Xiaomeng Tong <xiam0nd.tong@gmail.com>
tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator
Jiri Slaby <jirislaby@kernel.org>
serial: pch: don't overwrite xmit->buf[0] by x_char
Coly Li <colyli@suse.de>
bcache: avoid journal no-space deadlock by reserving 1 journal bucket
Coly Li <colyli@suse.de>
bcache: remove incremental dirty sector counting for bch_sectors_dirty_init()
Coly Li <colyli@suse.de>
bcache: improve multithreaded bch_sectors_dirty_init()
Coly Li <colyli@suse.de>
bcache: improve multithreaded bch_btree_check()
Xiaomeng Tong <xiam0nd.tong@gmail.com>
stm: ltdc: fix two incorrect NULL checks on list iterator
Xiaomeng Tong <xiam0nd.tong@gmail.com>
carl9170: tx: fix an incorrect use of list iterator
Mark Brown <broonie@kernel.org>
ASoC: rt5514: Fix event generation for "DSP Voice Wake Up" control
Alexander Wetzel <alexander@wetzel-home.de>
rtl818x: Prevent using not initialized queues
Yi Yang <yiyang13@huawei.com>
xtensa/simdisk: fix proc_read_simdisk()
Mike Kravetz <mike.kravetz@oracle.com>
hugetlb: fix huge_pmd_unshare address update
Christophe de Dinechin <dinechin@redhat.com>
nodemask.h: fix compilation error with GCC12
Xiaomeng Tong <xiam0nd.tong@gmail.com>
iommu/msm: Fix an incorrect NULL check on list iterator
Song Liu <song@kernel.org>
ftrace: Clean up hash direct_functions on register failures
Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add]
Vincent Whitchurch <vincent.whitchurch@axis.com>
um: Fix out-of-bounds read in LDT setup
Johannes Berg <johannes.berg@intel.com>
um: chan_user: Fix winch_tramp() return value
Felix Fietkau <nbd@nbd.name>
mac80211: upgrade passive scan to active scan on DFS channels after beacon rx
Dimitri John Ledkov <dimitri.ledkov@canonical.com>
cfg80211: declare MODULE_FIRMWARE for regulatory.db
Max Filippov <jcmvbkbc@gmail.com>
irqchip: irq-xtensa-mx: fix initial IRQ affinity
Pali Rohár <pali@kernel.org>
irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x
Guo Ren <guoren@linux.alibaba.com>
csky: patch_text: Fixup last cpu should be master
Dennis Dalessandro <dennis.dalessandro@cornelisnetworks.com>
RDMA/hfi1: Fix potential integer multiplication overflow errors
Sean Christopherson <seanjc@google.com>
Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug
GUO Zihua <guozihua@huawei.com>
ima: remove the IMA_TEMPLATE Kconfig option
Nicolas Dufresne <nicolas.dufresne@collabora.com>
media: coda: Add more H264 levels for CODA960
Nicolas Dufresne <nicolas.dufresne@collabora.com>
media: coda: Fix reported H264 profile
Tokunori Ikegami <ikegami.t@gmail.com>
mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N
Tokunori Ikegami <ikegami.t@gmail.com>
mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write
Xiaomeng Tong <xiam0nd.tong@gmail.com>
md: fix an incorrect NULL check in md_reload_sb
Xiaomeng Tong <xiam0nd.tong@gmail.com>
md: fix an incorrect NULL check in does_sb_need_changing
Jani Nikula <jani.nikula@intel.com>
drm/i915/dsi: fix VBT send packet port selection for ICL+
Brian Norris <briannorris@chromium.org>
drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX
Xiaomeng Tong <xiam0nd.tong@gmail.com>
drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list iterator
Xiaomeng Tong <xiam0nd.tong@gmail.com>
drm/nouveau/clk: Fix an incorrect NULL check on list iterator
Lucas Stach <l.stach@pengutronix.de>
drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem
Dave Airlie <airlied@redhat.com>
drm/amdgpu/cs: make commands with 0 chunks illegal behaviour.
Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled
Xiaomeng Tong <xiam0nd.tong@gmail.com>
scsi: dc395x: Fix a missing check on list iterator
Junxiao Bi via Ocfs2-devel <ocfs2-devel@oss.oracle.com>
ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock
Alexander Aring <aahringo@redhat.com>
dlm: fix missing lkb refcount handling
Alexander Aring <aahringo@redhat.com>
dlm: fix plock invalid read
Nico Boehr <nrb@linux.ibm.com>
s390/perf: obtain sie_block from the right address
Rei Yamamoto <yamamoto.rei@jp.fujitsu.com>
mm, compaction: fast_find_migrateblock() should return pfn in the target zone
Johan Hovold <johan+linaro@kernel.org>
PCI: qcom: Fix unbalanced PHY init on probe errors
Johan Hovold <johan+linaro@kernel.org>
PCI: qcom: Fix runtime PM imbalance on probe errors
Bjorn Helgaas <bhelgaas@google.com>
PCI/PM: Fix bridge_d3_blacklist[] Elo i2 overwrite of Gigabyte X299
Keita Suzuki <keitasuzuki.park@sslab.ics.keio.ac.jp>
tracing: Fix potential double free in create_var_ref()
Sakari Ailus <sakari.ailus@linux.intel.com>
ACPI: property: Release subnode properties with data nodes
Jan Kara <jack@suse.cz>
ext4: avoid cycles in directory h-tree
Jan Kara <jack@suse.cz>
ext4: verify dir block before splitting it
Baokun Li <libaokun1@huawei.com>
ext4: fix bug_on in __es_tree_search
Theodore Ts'o <tytso@mit.edu>
ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state
Ye Bin <yebin10@huawei.com>
ext4: fix bug_on in ext4_writepages
Ye Bin <yebin10@huawei.com>
ext4: fix warning in ext4_handle_inode_extension
Ye Bin <yebin10@huawei.com>
ext4: fix use-after-free in ext4_rename_dir_prepare
Jan Kara <jack@suse.cz>
bfq: Track whether bfq_group is still online
Jan Kara <jack@suse.cz>
bfq: Update cgroup information before merging bio
Jan Kara <jack@suse.cz>
bfq: Split shared queues on move between cgroups
Aditya Garg <gargaditya08@live.com>
efi: Do not import certificates from UEFI Secure Boot for T2 Macs
Zhihao Cheng <chengzhihao1@huawei.com>
fs-writeback: writeback_sb_inodes:Recalculate 'wrote' according skipped pages
Emmanuel Grumbach <emmanuel.grumbach@intel.com>
iwlwifi: mvm: fix assert 1F04 upon reconfig
Johannes Berg <johannes.berg@intel.com>
wifi: mac80211: fix use-after-free in chanctx code
Chao Yu <chao@kernel.org>
f2fs: fix to do sanity check for inline inode
Chao Yu <chao@kernel.org>
f2fs: fix fallocate to use file_modified to update permissions consistently
Chao Yu <chao@kernel.org>
f2fs: fix to do sanity check on total_data_blocks
Jaegeuk Kim <jaegeuk@kernel.org>
f2fs: don't need inode lock for system hidden quota
Chao Yu <chao@kernel.org>
f2fs: fix deadloop in foreground GC
Chao Yu <chao@kernel.org>
f2fs: fix to clear dirty inode in f2fs_evict_inode()
Chao Yu <chao@kernel.org>
f2fs: fix to do sanity check on block address in f2fs_do_zero_range()
Chao Yu <chao@kernel.org>
f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count()
Zhengjun Xing <zhengjun.xing@linux.intel.com>
perf jevents: Fix event syntax error caused by ExtSel
Leo Yan <leo.yan@linaro.org>
perf c2c: Use stdio interface if slang is not supported
Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>
i2c: rcar: fix PM ref counts in probe error paths
Tali Perry <tali.perry1@gmail.com>
i2c: npcm: Handle spurious interrupts
Tyrone Ting <kfting@nuvoton.com>
i2c: npcm: Correct register access width
Tali Perry <tali.perry1@gmail.com>
i2c: npcm: Fix timeout calculation
Joerg Roedel <jroedel@suse.de>
iommu/amd: Increase timeout waiting for GA log enablement
Amelie Delaunay <amelie.delaunay@foss.st.com>
dmaengine: stm32-mdma: fix chan initialization in stm32_mdma_irq_handler()
Amelie Delaunay <amelie.delaunay@st.com>
dmaengine: stm32-mdma: rework interrupt handler
Amelie Delaunay <amelie.delaunay@foss.st.com>
dmaengine: stm32-mdma: remove GISR1 register
Miaoqian Lin <linmq006@gmail.com>
video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup
Trond Myklebust <trond.myklebust@hammerspace.com>
NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout
Trond Myklebust <trond.myklebust@hammerspace.com>
NFS: Don't report errors from nfs_pageio_complete() more than once
Trond Myklebust <trond.myklebust@hammerspace.com>
NFS: Do not report flush errors in nfs_write_end()
Trond Myklebust <trond.myklebust@hammerspace.com>
NFS: fsync() should report filesystem errors over EINTR/ERESTARTSYS
Trond Myklebust <trond.myklebust@hammerspace.com>
NFS: Do not report EINTR/ERESTARTSYS as mapping errors
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
dmaengine: idxd: Fix the error handling path in idxd_cdev_register()
Nathan Chancellor <nathan@kernel.org>
i2c: at91: Initialize dma_buf in at91_twi_xfer()
Guenter Roeck <linux@roeck-us.net>
MIPS: Loongson: Use hwmon_device_register_with_groups() to register hwmon
Rex-BC Chen <rex-bc.chen@mediatek.com>
cpufreq: mediatek: Unregister platform device on exit
Jia-Wei Chang <jia-wei.chang@mediatek.com>
cpufreq: mediatek: Use module_init and add module_exit
Qinglang Miao <miaoqinglang@huawei.com>
cpufreq: mediatek: add missing platform_driver_unregister() on error in mtk_cpufreq_driver_init
Michael Walle <michael@walle.cc>
i2c: at91: use dma safe buffers
Yong Wu <yong.wu@mediatek.com>
iommu/mediatek: Add list_del in mtk_iommu_remove
Jakob Koschel <jakobkoschel@gmail.com>
f2fs: fix dereference of stale list iterator after loop body
Dan Carpenter <dan.carpenter@oracle.com>
OPP: call of_node_put() on error path in _bandwidth_supported()
Dmitry Torokhov <dmitry.torokhov@gmail.com>
Input: stmfts - do not leave device disabled in stmfts_input_open
Douglas Miller <doug.miller@cornelisnetworks.com>
RDMA/hfi1: Prevent use of lock before it is initialized
Björn Ardö <bjorn.ardo@axis.com>
mailbox: forward the hrtimer if not queued and under a lock
Yang Yingliang <yangyingliang@huawei.com>
mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe()
Miaoqian Lin <linmq006@gmail.com>
powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup
Randy Dunlap <rdunlap@infradead.org>
macintosh: via-pmu and via-cuda need RTC_LIB
Kajol Jain <kjain@linux.ibm.com>
powerpc/perf: Fix the threshold compare group constraint for power9
Michael Ellerman <mpe@ellerman.id.au>
powerpc/64: Only WARN if __pa()/__va() called with bad addresses
Yang Yingliang <yangyingliang@huawei.com>
hwrng: omap3-rom - fix using wrong clk_disable() in omap_rom_rng_runtime_resume()
Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits
Miaoqian Lin <linmq006@gmail.com>
Input: sparcspkr - fix refcount leak in bbc_beep_probe
Sebastian Andrzej Siewior <bigeasy@linutronix.de>
crypto: cryptd - Protect per-CPU resource by disabling BH.
Corentin Labbe <clabbe@baylibre.com>
crypto: sun8i-ss - handle zero sized sg
Corentin Labbe <clabbe@baylibre.com>
crypto: sun8i-ss - rework handling of IV
Qi Zheng <zhengqi.arch@bytedance.com>
tty: fix deadlock caused by calling printk() under tty_port->lock
Francesco Dolcini <francesco.dolcini@toradex.com>
PCI: imx6: Fix PERST# start-up sequence
Waiman Long <longman@redhat.com>
ipc/mqueue: use get_tree_nodev() in mqueue_get_tree()
Alexey Dobriyan <adobriyan@gmail.com>
proc: fix dentry/inode overinstantiating under /proc/${pid}/net
Charles Keepax <ckeepax@opensource.cirrus.com>
ASoC: atmel-classd: Remove endianness flag on class d component
Charles Keepax <ckeepax@opensource.cirrus.com>
ASoC: atmel-pdmic: Remove endianness flag on pdmic component
Randy Dunlap <rdunlap@infradead.org>
powerpc/4xx/cpm: Fix return value of __setup() handler
Randy Dunlap <rdunlap@infradead.org>
powerpc/idle: Fix return value of __setup() handler
Yang Yingliang <yangyingliang@huawei.com>
pinctrl: renesas: core: Fix possible null-ptr-deref in sh_pfc_map_resources()
Randy Dunlap <rdunlap@infradead.org>
powerpc/8xx: export 'cpm_setbrg' for modules
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
drivers/base/memory: fix an unlikely reference counting issue in __add_memory_block()
Muchun Song <songmuchun@bytedance.com>
dax: fix cache flush on PMD-mapped pages
Miaohe Lin <linmiaohe@huawei.com>
drivers/base/node.c: fix compaction sysfs file leak
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
pinctrl: mvebu: Fix irq_of_parse_and_map() return value
Dan Williams <dan.j.williams@intel.com>
nvdimm: Allow overwrite in the presence of disabled dimms
Dan Williams <dan.j.williams@intel.com>
nvdimm: Fix firmware activation deadlock scenarios
Cristian Marussi <cristian.marussi@arm.com>
firmware: arm_scmi: Fix list protocols enumeration in the base protocol
Gustavo A. R. Silva <gustavoars@kernel.org>
scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac()
Lv Ruyi <lv.ruyi@zte.com.cn>
mfd: ipaq-micro: Fix error check return value of platform_get_irq()
Hari Bathini <hbathini@linux.ibm.com>
powerpc/fadump: fix PT_LOAD segment for boot memory area
Chuanhong Guo <gch981213@gmail.com>
arm: mediatek: select arch timer for mt7629
Stefan Wahren <stefan.wahren@i2se.com>
pinctrl: bcm2835: implement hook for missing gpio-ranges
Stefan Wahren <stefan.wahren@i2se.com>
gpiolib: of: Introduce hook for missing gpio-ranges
Corentin Labbe <clabbe@baylibre.com>
crypto: marvell/cesa - ECB does not IV
Hangyu Hua <hbh25y@gmail.com>
misc: ocxl: fix possible double free in ocxl_file_register_afu
Stefan Wahren <stefan.wahren@i2se.com>
ARM: dts: bcm2835-rpi-b: Fix GPIO line names
Phil Elwell <phil@raspberrypi.com>
ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED
Phil Elwell <phil@raspberrypi.com>
ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C
Phil Elwell <phil@raspberrypi.com>
ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT
Marek Vasut <marex@denx.de>
ARM: dts: stm32: Fix PHY post-reset delay on Avenger96
Marc Kleine-Budde <mkl@pengutronix.de>
can: xilinx_can: mark bit timing constants as const
Guenter Roeck <linux@roeck-us.net>
platform/chrome: Re-introduce cros_ec_cmd_xfer and use it for ioctls
Max Krummenacher <max.krummenacher@toradex.com>
ARM: dts: imx6dl-colibri: Fix I2C pinmuxing
Tzung-Bi Shih <tzungbi@kernel.org>
platform/chrome: cros_ec: fix error handling in cros_ec_register()
Sean Christopherson <seanjc@google.com>
KVM: nVMX: Clear IDT vectoring on nested VM-Exit for double/triple fault
Sean Christopherson <seanjc@google.com>
KVM: nVMX: Leave most VM-Exit info fields unmodified on failed VM-Entry
Bjorn Andersson <bjorn.andersson@linaro.org>
soc: qcom: llcc: Add MODULE_DEVICE_TABLE()
Thorsten Scherer <t.scherer@eckelmann.de>
ARM: dts: ci4x10: Adapt to changes in imx6qdl.dtsi regarding fec clocks
Jiantao Zhang <water.zhangjiantao@huawei.com>
PCI: dwc: Fix setting error return on MSI DMA mapping failure
Dan Carpenter <dan.carpenter@oracle.com>
PCI: rockchip: Fix find_first_zero_bit() limit
Dan Carpenter <dan.carpenter@oracle.com>
PCI: cadence: Fix find_first_zero_bit() limit
Miaoqian Lin <linmq006@gmail.com>
soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc
Miaoqian Lin <linmq006@gmail.com>
soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc
Andre Przywara <andre.przywara@arm.com>
ARM: dts: suniv: F1C100: fix watchdog compatible
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
memory: samsung: exynos5422-dmc: Avoid some over memory allocation
Shawn Lin <shawn.lin@rock-chips.com>
arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399
liuyacan <liuyacan@corp.netease.com>
net/smc: postpone sk_refcnt increment in connect()
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
hinic: Avoid some over memory allocation
Gustavo A. R. Silva <gustavoars@kernel.org>
net: huawei: hinic: Use devm_kcalloc() instead of devm_kzalloc()
David Howells <dhowells@redhat.com>
rxrpc: Fix decision on when to generate an IDLE ACK
David Howells <dhowells@redhat.com>
rxrpc: Don't let ack.previousPacket regress
David Howells <dhowells@redhat.com>
rxrpc: Fix overlapping ACK accounting
David Howells <dhowells@redhat.com>
rxrpc: Don't try to resend the request if we're receiving the reply
David Howells <dhowells@redhat.com>
rxrpc: Fix listen() setting the bar too high for the prealloc rings
Yongzhi Liu <lyz_cs@pku.edu.cn>
hv_netvsc: Fix potential dereference of NULL pointer
Jakub Kicinski <kuba@kernel.org>
net: stmmac: fix out-of-bounds access in a selftest
Gustavo A. R. Silva <gustavoars@kernel.org>
net: stmmac: selftests: Use kcalloc() instead of kzalloc()
Alexey Khoroshilov <khoroshilov@ispras.ru>
ASoC: max98090: Move check for invalid values before casting in max98090_put_enab_tlv()
Duoming Zhou <duoming@zju.edu.cn>
NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx
Yang Yingliang <yangyingliang@huawei.com>
ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition()
Miaoqian Lin <linmq006@gmail.com>
thermal/drivers/imx_sc_thermal: Fix refcount leak in imx_sc_thermal_probe
Yang Yingliang <yangyingliang@huawei.com>
thermal/core: Fix memory leak in __thermal_cooling_device_register()
Daniel Lezcano <daniel.lezcano@linaro.org>
thermal/drivers/core: Use a char pointer for the cooling device name
Zheng Yongjun <zhengyongjun3@huawei.com>
thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe
Stefan Wahren <stefan.wahren@i2se.com>
thermal/drivers/bcm2711: Don't clamp temperature at zero
Nathan Chancellor <nathan@kernel.org>
drm/i915: Fix CFI violation with show_dynamic_id()
Abhinav Kumar <quic_abhinavk@quicinc.com>
drm/msm/dpu: handle pm_runtime_get_sync() errors in bind path
Lai Jiangshan <jiangshan.ljs@antgroup.com>
x86/sev: Annotate stack change in the #VC handler
Hangyu Hua <hbh25y@gmail.com>
drm: msm: fix possible memory leak in mdp5_crtc_cursor_set()
Miaoqian Lin <linmq006@gmail.com>
drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init
Eric Biggers <ebiggers@google.com>
ext4: reject the 'commit' option on ext2 filesystems
Jonas Karlman <jonas@kwiboo.se>
media: rkvdec: h264: Fix bit depth wrap in pps packet
Nicolas Dufresne <nicolas.dufresne@collabora.com>
media: rkvdec: h264: Fix dpb_valid implementation
Nicolas Dufresne <nicolas.dufresne@collabora.com>
media: rkvdec: Stop overclocking the decoder
Cai Huoqing <caihuoqing@baidu.com>
media: staging: media: rkvdec: Make use of the helper function devm_platform_ioremap_resource()
Dongliang Mu <mudongliangabcd@gmail.com>
media: ov7670: remove ov7670_power_off from ov7670_remove
Miaoqian Lin <linmq006@gmail.com>
ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_*
Zheng Bin <zhengbin13@huawei.com>
net: hinic: add missing destroy_workqueue in hinic_pf_to_mgmt_init
Eric Dumazet <edumazet@google.com>
sctp: read sk->sk_bound_dev_if once in sctp_rcv()
Paul Moore <paul@paul-moore.com>
lsm,selinux: pass flowi_common instead of flowi to the LSM hooks
Geert Uytterhoeven <geert@linux-m68k.org>
m68k: math-emu: Fix dependencies of math emulation support
Keith Busch <kbusch@kernel.org>
nvme: set dma alignment to dword
Niels Dossche <dossche.niels@gmail.com>
Bluetooth: use hdev lock for accept_list and reject_list in conn req
Archie Pusaka <apusaka@chromium.org>
Bluetooth: use inclusive language when filtering devices
Archie Pusaka <apusaka@chromium.org>
Bluetooth: use inclusive language in HCI role comments
Sathish Narasimman <sathish.narasimman@intel.com>
Bluetooth: LL privacy allow RPA
Bhaskar Chowdhury <unixbhaskar@gmail.com>
Bluetooth: L2CAP: Rudimentary typo fixes
Howard Chung <howardchung@google.com>
Bluetooth: Interleave with allowlist scan
Ying Hsu <yinghsu@chromium.org>
Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout
Michael Rodin <mrodin@de.adit-jv.com>
media: vsp1: Fix offset calculation for plane cropping
Pavel Skripkin <paskripkin@gmail.com>
media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init
Miaoqian Lin <linmq006@gmail.com>
media: exynos4-is: Change clk_disable to clk_disable_unprepare
Miaoqian Lin <linmq006@gmail.com>
media: st-delta: Fix PM disable depth imbalance in delta_probe
Miaoqian Lin <linmq006@gmail.com>
media: exynos4-is: Fix PM disable depth imbalance in fimc_is_probe
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
media: aspeed: Fix an error handling path in aspeed_video_probe()
Josh Poimboeuf <jpoimboe@kernel.org>
scripts/faddr2line: Fix overlapping text section failures
Phil Auld <pauld@redhat.com>
kselftest/cgroup: fix test_stress.sh to use OUTPUT dir
Miaoqian Lin <linmq006@gmail.com>
ASoC: samsung: Fix refcount leak in aries_audio_probe
Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>
ASoC: samsung: Use dev_err_probe() helper
Miaoqian Lin <linmq006@gmail.com>
regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt
Miaoqian Lin <linmq006@gmail.com>
ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe
Miaoqian Lin <linmq006@gmail.com>
ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe
Baochen Qiang <quic_bqiang@quicinc.com>
ath11k: Don't check arvif->is_started before sending management frames
Ravi Bangoria <ravi.bangoria@amd.com>
perf/amd/ibs: Use interrupt regs ip for stack unwinding
Konrad Dybcio <konrad.dybcio@somainline.org>
regulator: qcom_smd: Fix up PM8950 regulator configuration
Viresh Kumar <viresh.kumar@linaro.org>
Revert "cpufreq: Fix possible race in cpufreq online error path"
Yang Yingliang <yangyingliang@huawei.com>
spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname()
Andreas Gruenbacher <agruenba@redhat.com>
iomap: iomap_write_failed fix
Xiaomeng Tong <xiam0nd.tong@gmail.com>
media: uvcvideo: Fix missing check to determine if element is found in list
Dan Carpenter <dan.carpenter@oracle.com>
drm/msm: return an error pointer in msm_gem_prime_get_sg_table()
Jessica Zhang <quic_jesszhan@quicinc.com>
drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected
Jessica Zhang <quic_jesszhan@quicinc.com>
drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected
Kuogee Hsieh <quic_khsieh@quicinc.com>
drm/msm/dp: fix event thread stuck in wait_event after kthread_stop()
Zev Weiss <zev@bewilderbeest.net>
regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET
Tong Tiangen <tongtiangen@huawei.com>
arm64: fix types in copy_highpage()
Randy Dunlap <rdunlap@infradead.org>
x86/mm: Cleanup the control_va_addr_alignment() __setup handler
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
irqchip/aspeed-scu-ic: Fix irq_of_parse_and_map() return value
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value
Daniel Thompson <daniel.thompson@linaro.org>
irqchip/exiu: Fix acknowledgment of edge triggered interrupts
Randy Dunlap <rdunlap@infradead.org>
x86: Fix return value of __setup handlers
Christoph Hellwig <hch@lst.de>
virtio_blk: fix the discard_granularity and discard_alignment queue limits
James Clark <james.clark@arm.com>
perf tools: Use Python devtools for version autodetection rather than runtime
Yang Yingliang <yangyingliang@huawei.com>
drm/rockchip: vop: fix possible null-ptr-deref in vop_bind()
Jagan Teki <jagan@amarulasolutions.com>
drm/panel: panel-simple: Fix proper bpc for AM-1280800N3TZQW-T00H
Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
drm/msm: add missing include to msm_drv.c
Lv Ruyi <lv.ruyi@zte.com.cn>
drm/msm/hdmi: fix error check return value of irq_of_parse_and_map()
Yang Yingliang <yangyingliang@huawei.com>
drm/msm/hdmi: check return value after calling platform_get_resource_byname()
Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
drm/msm/dsi: fix error checks and return values for DSI xmit functions
Lv Ruyi <lv.ruyi@zte.com.cn>
drm/msm/dp: fix error check return value of irq_of_parse_and_map()
Kuogee Hsieh <quic_khsieh@quicinc.com>
drm/msm/dp: stop event kernel thread when DP unbind
Vinod Polimera <quic_vpolimer@quicinc.com>
drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume
Yang Jihong <yangjihong1@huawei.com>
perf tools: Add missing headers needed by util/data.h
Nicolas Frattaroli <frattaroli.nicolas@gmail.com>
ASoC: rk3328: fix disabling mclk on pclk probe failure
Josh Poimboeuf <jpoimboe@redhat.com>
x86/speculation: Add missing prototype for unpriv_ebpf_notify()
Yang Yingliang <yangyingliang@huawei.com>
mtd: rawnand: cadence: fix possible null-ptr-deref in cadence_nand_dt_probe()
Matthieu Baerts <matthieu.baerts@tessares.net>
x86/pm: Fix false positive kmemleak report in msr_build_context()
Chen-Tsung Hsieh <chentsung@chromium.org>
mtd: spi-nor: core: Check written SR value in spi_nor_write_16bit_sr_and_check()
Andrii Nakryiko <andrii@kernel.org>
libbpf: Fix logic for finding matching program for CO-RE relocation
Colin Ian King <colin.i.king@gmail.com>
selftests/resctrl: Fix null pointer dereference on open failed
Kiwoong Kim <kwmad.kim@samsung.com>
scsi: ufs: core: Exclude UECxx from SFR dump list
Bart Van Assche <bvanassche@acm.org>
scsi: ufs: qcom: Fix ufs_qcom_resume()
Kuogee Hsieh <quic_khsieh@quicinc.com>
drm/msm/dpu: adjust display_v_end for eDP and DP
Nuno Sá <nuno.sa@analog.com>
of: overlay: do not break notify on NOTIFY_{OK|STOP}
Amir Goldstein <amir73il@gmail.com>
fsnotify: fix wrong lockdep annotations
Amir Goldstein <amir73il@gmail.com>
inotify: show inotify mask flags in proc fdinfo
Colin Ian King <colin.i.king@gmail.com>
ALSA: pcm: Check for null pointer of pointer substream before dereferencing it
Marek Vasut <marex@denx.de>
drm/panel: simple: Add missing bus flags for Innolux G070Y2-L01
Chen-Yu Tsai <wenst@chromium.org>
media: hantro: Empty encoder capture buffers by default
Dan Carpenter <dan.carpenter@oracle.com>
ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix
Schspa Shi <schspa@gmail.com>
cpufreq: Fix possible race in cpufreq online error path
Zheng Yongjun <zhengyongjun3@huawei.com>
spi: img-spfi: Fix pm_runtime_get_sync() error checking
Chengming Zhou <zhouchengming@bytedance.com>
sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq
Miaoqian Lin <linmq006@gmail.com>
drm/bridge: Fix error handling in analogix_dp_probe
Miaoqian Lin <linmq006@gmail.com>
HID: elan: Fix potential double free in elan_input_configured
Jonathan Teh <jonathan.teh@outlook.com>
HID: hid-led: fix maximum brightness for Dream Cheeky
Zheyu Ma <zheyuma97@gmail.com>
mtd: rawnand: denali: Use managed device resources
Tyler Hicks <tyhicks@linux.microsoft.com>
EDAC/dmc520: Don't print an error for each unconfigured interrupt line
Arnd Bergmann <arnd@arndb.de>
drbd: fix duplicate array initializer
Christoph Hellwig <hch@lst.de>
target: remove an incorrect unmap zeroes data deduction
Jan Kiszka <jan.kiszka@siemens.com>
efi: Add missing prototype for efi_capsule_setup_info
Lin Ma <linma@zju.edu.cn>
NFC: NULL out the dev->rfkill to prevent UAF
Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
net: dsa: mt7530: 1G can also support 1000BASE-X link mode
Paul E. McKenney <paulmck@kernel.org>
scftorture: Fix distribution of short handler delays
Miaoqian Lin <linmq006@gmail.com>
spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout
Jiasheng Jiang <jiasheng@iscas.ac.cn>
drm: mali-dp: potential dereference of null pointer
Zhou Qingyang <zhou1615@umn.edu>
drm/komeda: Fix an undefined behavior bug in komeda_plane_add()
Johannes Berg <johannes.berg@intel.com>
nl80211: show SSID for P2P_GO interfaces
Yuntao Wang <ytcoode@gmail.com>
bpf: Fix excessive memory allocation in stack_map_alloc()
Andrii Nakryiko <andrii@kernel.org>
libbpf: Don't error out on CO-RE relos for overriden weak subprogs
Maxime Ripard <maxime@cerno.tech>
drm/vc4: txp: Force alpha to be 0xff if it's disabled
Maxime Ripard <maxime@cerno.tech>
drm/vc4: txp: Don't set TXP_VSTART_AT_EOF
Maxime Ripard <maxime@cerno.tech>
drm/vc4: hvs: Reset muxes at probe time
Miles Chen <miles.chen@mediatek.com>
drm/mediatek: Fix mtk_cec_mask()
Paul Cercueil <paul@crapouillou.net>
drm/ingenic: Reset pixclock rate when parent clock rate changes
Ammar Faizi <ammarfaizi2@gnuweeb.org>
x86/delay: Fix the wrong asm constraint in delay_loop()
Miaoqian Lin <linmq006@gmail.com>
ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe
Miaoqian Lin <linmq006@gmail.com>
ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe
Kuldeep Singh <singh.kuldeep87k@gmail.com>
spi: qcom-qspi: Add minItems to interconnect-names
Lucas Stach <l.stach@pengutronix.de>
drm/bridge: adv7511: clean up CEC adapter when probe fails
Jani Nikula <jani.nikula@intel.com>
drm/edid: fix invalid EDID extension block filtering
Wenli Looi <wlooi@ucalgary.ca>
ath9k: fix ar9003_get_eepmisc
Niels Dossche <dossche.niels@gmail.com>
ath11k: acquire ab->base_lock in unassign when finding the peer by addr
Noralf Trønnes <noralf@tronnes.org>
dt-bindings: display: sitronix, st7735r: Fix backlight in example
Linus Torvalds <torvalds@linux-foundation.org>
drm: fix EDID struct for old ARM OABI format
Douglas Miller <doug.miller@cornelisnetworks.com>
RDMA/hfi1: Prevent panic when SDMA is disabled
Peng Wu <wupeng58@huawei.com>
powerpc/iommu: Add missing of_node_put in iommu_init_early_dart
Finn Thain <fthain@linux-m68k.org>
macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled
Lv Ruyi <lv.ruyi@zte.com.cn>
powerpc/powernv: fix missing of_node_put in uv_init()
Lv Ruyi <lv.ruyi@zte.com.cn>
powerpc/xics: fix refcount leak in icp_opal_init()
Haren Myneni <haren@linux.ibm.com>
powerpc/powernv/vas: Assign real address to rx_fifo in vas_rx_win_attr
Vasily Averin <vvs@openvz.org>
tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate
Yicong Yang <yangyicong@hisilicon.com>
PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store()
Peng Wu <wupeng58@huawei.com>
ARM: hisi: Add missing of_node_put after of_find_compatible_node
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM
Peng Wu <wupeng58@huawei.com>
ARM: versatile: Add missing of_node_put in dcscb_init
Yang Yingliang <yangyingliang@huawei.com>
pinctrl: renesas: rzn1: Fix possible null-ptr-deref in sh_pfc_map_resources()
OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
fat: add ratelimit to fat*_ent_bread()
Hari Bathini <hbathini@linux.ibm.com>
powerpc/fadump: Fix fadump to work with a different endian capture kernel
Janusz Krzysztofik <jmkrzyszt@gmail.com>
ARM: OMAP1: clock: Fix UART rate reporting algorithm
Zixuan Fu <r33s3n6@gmail.com>
fs: jfs: fix possible NULL pointer dereference in dbFree()
QintaoShen <unSimple1993@163.com>
soc: ti: ti_sci_pm_domains: Check for null return of devm_kcalloc
Gilad Ben-Yossef <gilad@benyossef.com>
crypto: ccree - use fine grained DMA mapping dir
Brian Norris <briannorris@chromium.org>
PM / devfreq: rk3399_dmc: Disable edev on remove()
Konrad Dybcio <konrad.dybcio@somainline.org>
arm64: dts: qcom: msm8994: Fix BLSP[12]_DMA channels count
Krzysztof Kozlowski <krzk@kernel.org>
ARM: dts: s5pv210: align DMA channels with dtschema
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
ARM: dts: ox820: align interrupt controller node name with dtschema
Niels Dossche <dossche.niels@gmail.com>
IB/rdmavt: add missing locks in rvt_ruc_loopback
Bob Peterson <rpeterso@redhat.com>
gfs2: use i_lock spin_lock for inode qadata
Yonghong Song <yhs@fb.com>
selftests/bpf: fix btf_dump/btf_dump due to recent clang change
Jakub Kicinski <kuba@kernel.org>
eth: tg3: silence the GCC 12 array-bounds warning
David Howells <dhowells@redhat.com>
rxrpc, afs: Fix selection of abort codes
David Howells <dhowells@redhat.com>
rxrpc: Return an error to sendmsg if call failed
Geert Uytterhoeven <geert@linux-m68k.org>
m68k: atari: Make Atari ROM port I/O write macros return void
Borislav Petkov <bp@suse.de>
x86/microcode: Add explicit CPU vendor dependency
Vincent Mailhol <mailhol.vincent@wanadoo.fr>
can: mcp251xfd: silence clang's -Wunaligned-access warning
Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
ASoC: rt1015p: remove dependency on GPIOLIB
Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
ASoC: max98357a: remove dependency on GPIOLIB
Kwanghoon Son <k.son@samsung.com>
media: exynos4-is: Fix compile warning
Fabio Estevam <festevam@denx.de>
net: phy: micrel: Allow probing without .driver_data
Xie Yongji <xieyongji@bytedance.com>
nbd: Fix hung on disconnect request if socket is closed before
Lin Ma <linma@zju.edu.cn>
ASoC: rt5645: Fix errorenous cleanup order
Smith, Kyle Miller (Nimble Kernel) <kyles@hpe.com>
nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags
Jason A. Donenfeld <Jason@zx2c4.com>
openrisc: start CPU timer early in boot
Hans Verkuil <hverkuil-cisco@xs4all.nl>
media: cec-adap.c: fix is_configuring state
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
media: imon: reorganize serialization
Philipp Zabel <p.zabel@pengutronix.de>
media: coda: limit frame interval enumeration to supported encoder frame sizes
Hangyu Hua <hbh25y@gmail.com>
media: rga: fix possible memory leak in rga_probe
Dongliang Mu <mudongliangabcd@gmail.com>
rtlwifi: Use pr_warn instead of WARN_ONCE
Corey Minyard <cminyard@mvista.com>
ipmi: Fix pr_fmt to avoid compilation issues
Corey Minyard <cminyard@mvista.com>
ipmi:ssif: Check for NULL msg when handling events and messages
Mario Limonciello <mario.limonciello@amd.com>
ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default
Mikulas Patocka <mpatocka@redhat.com>
dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC
Patrice Chotard <patrice.chotard@foss.st.com>
spi: stm32-qspi: Fix wait_cmd timeout in APM mode
Ravi Bangoria <ravi.bangoria@amd.com>
perf/amd/ibs: Cascade pmu init functions' return value
Heiko Carstens <hca@linux.ibm.com>
s390/preempt: disable __preempt_count_add() optimization for PROFILE_ALL_BRANCHES
Eric Dumazet <edumazet@google.com>
net: remove two BUG() from skb_checksum_help()
Charles Keepax <ckeepax@opensource.cirrus.com>
ASoC: tscs454: Add endianness flag in snd_soc_component_driver
Dongliang Mu <mudongliangabcd@gmail.com>
HID: bigben: fix slab-out-of-bounds Write in bigben_probe
Alice Wong <shiwei.wong@amd.com>
drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo
Petr Machata <petrm@nvidia.com>
mlxsw: Treat LLDP packets as control
Petr Machata <petrm@nvidia.com>
mlxsw: spectrum_dcb: Do not warn about priority changes
Mark Brown <broonie@kernel.org>
ASoC: dapm: Don't fold register value changes into notifications
Mark Bloch <mbloch@nvidia.com>
net/mlx5: fs, delete the FTE when there are no rules attached to it
jianghaoran <jianghaoran@kylinos.cn>
ipv6: Don't send rs packets to the interface of ARPHRD_TUNNEL
Lv Ruyi <lv.ruyi@zte.com.cn>
drm: msm: fix error check return value of irq_of_parse_and_map()
Alexandru Elisei <alexandru.elisei@arm.com>
arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall
Abhishek Kumar <kuabhs@chromium.org>
ath10k: skip ath10k_halt during suspend for driver state RESTARTING
Evan Quan <evan.quan@amd.com>
drm/amd/pm: fix the compile warning
Steven Price <steven.price@arm.com>
drm/plane: Move range check for format_count earlier
Hans de Goede <hdegoede@redhat.com>
ASoC: Intel: bytcr_rt5640: Add quirk for the HP Pro Tablet 408
Hari Chandrakanthan <quic_haric@quicinc.com>
ath11k: disable spectral scan during spectral deinit
James Smart <jsmart2021@gmail.com>
scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp()
Minghao Chi <chi.minghao@zte.com.cn>
scsi: ufs: Use pm_runtime_resume_and_get() instead of pm_runtime_get_sync()
Lv Ruyi <lv.ruyi@zte.com.cn>
scsi: megaraid: Fix error check return value of register_chrdev()
Vignesh Raghavendra <vigneshr@ti.com>
drivers: mmc: sdhci_am654: Add the quirk to set TESTCD bit
Aidan MacDonald <aidanmacdonald.0x0@gmail.com>
mmc: jz4740: Apply DMA engine limits to maximum segment size
Heming Zhao <heming.zhao@suse.com>
md/bitmap: don't set sb values if can't pass sanity check
Zheyu Ma <zheyuma97@gmail.com>
media: cx25821: Fix the warning when removing the module
Zheyu Ma <zheyuma97@gmail.com>
media: pci: cx23885: Fix the error handling in cx23885_initdev()
Luca Weiss <luca.weiss@fairphone.com>
media: venus: hfi: avoid null dereference in deinit
Thibaut VARÈNE <hacks+kernel@slashdirt.org>
ath9k: fix QCA9561 PA bias level
Keita Suzuki <keitasuzuki.park@sslab.ics.keio.ac.jp>
drm/amd/pm: fix double free in si_parse_power_table()
Len Brown <len.brown@intel.com>
tools/power turbostat: fix ICX DRAM power numbers
Biju Das <biju.das.jz@bp.renesas.com>
spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction
Amadeusz Sławiński <amadeuszx.slawinski@linux.intel.com>
ALSA: jack: Access input_dev under mutex
Haowen Bai <baihaowen@meizu.com>
sfc: ef10: Fix assigning negative value to unsigned variable
Paul E. McKenney <paulmck@kernel.org>
rcu: Make TASKS_RUDE_RCU select IRQ_WORK
Padmanabha Srinivasaiah <treasure4paddy@gmail.com>
rcu-tasks: Fix race in schedule and flush work
Liviu Dudau <liviu.dudau@arm.com>
drm/komeda: return early if drm_universal_plane_init() fails.
Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
ACPICA: Avoid cache flush inside virtual machines
Mike Travis <mike.travis@hpe.com>
x86/platform/uv: Update TSC sync state for UV5
Daniel Vetter <daniel.vetter@ffwll.ch>
fbcon: Consistently protect deferred_takeover with console_lock()
Niels Dossche <dossche.niels@gmail.com>
ipv6: fix locking issues with loops over idev->addr_list
Haowen Bai <baihaowen@meizu.com>
ipw2x00: Fix potential NULL dereference in libipw_xmit()
Haowen Bai <baihaowen@meizu.com>
b43: Fix assigning negative value to unsigned variable
Haowen Bai <baihaowen@meizu.com>
b43legacy: Fix assigning negative value to unsigned variable
Niels Dossche <dossche.niels@gmail.com>
mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue
Nikolay Borisov <nborisov@suse.com>
selftests/bpf: Fix vfs_link kprobe definition
Liu Zixian <liuzixian4@huawei.com>
drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes
Tejas Upadhyay <tejaskumarx.surendrakumar.upadhyay@intel.com>
iommu/vt-d: Add RPLS to quirk list to skip TE disabling
Qu Wenruo <wqu@suse.com>
btrfs: repair super block num_devices automatically
Qu Wenruo <wqu@suse.com>
btrfs: add "0x" prefix for unsupported optional features
Eric W. Biederman <ebiederm@xmission.com>
ptrace: Reimplement PTRACE_KILL by always sending SIGKILL
Eric W. Biederman <ebiederm@xmission.com>
ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP
Eric W. Biederman <ebiederm@xmission.com>
ptrace/um: Replace PT_DTRACE with TIF_SINGLESTEP
Kan Liang <kan.liang@linux.intel.com>
perf/x86/intel: Fix event constraints for ICL
Ammar Faizi <ammarfaizi2@gnuweeb.org>
x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails
Helge Deller <deller@gmx.de>
parisc/stifb: Keep track of hardware path of graphics card
Peilin Ye <yepeilin.cs@gmail.com>
Fonts: Make font size unsigned in font_desc
Mathias Nyman <mathias.nyman@linux.intel.com>
xhci: Allow host runtime PM as default for Intel Alder Lake N xHCI
Ronnie Sahlberg <lsahlber@redhat.com>
cifs: when extending a file with falloc we should make files not-sparse
Kishon Vijay Abraham I <kishon@ti.com>
usb: core: hcd: Add support for deferring roothub registration
Albert Wang <albertccwang@google.com>
usb: dwc3: gadget: Move null pinter check to proper place
Monish Kumar R <monish.kumar.r@intel.com>
USB: new quirk for Dell Gen 2 devices
Carl Yin(殷张成) <carl.yin@quectel.com>
USB: serial: option: add Quectel BG95 modem
Takashi Iwai <tiwai@suse.de>
ALSA: usb-audio: Cancel pending work at closing a MIDI substream
Marios Levogiannis <marios.levogiannis@gmail.com>
ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS
Rik van der Kemp <rik@upto11.nl>
ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9520 laptop
Samuel Holland <samuel@sholland.org>
riscv: Fix irq_work when SMP is disabled
Alexandre Ghiti <alexandre.ghiti@canonical.com>
riscv: Initialize thread pointer before calling C functions
Helge Deller <deller@gmx.de>
parisc/stifb: Implement fb_is_primary_device()
Niklas Cassel <niklas.cassel@wdc.com>
binfmt_flat: do not stop relocating GOT entries prematurely on riscv
Stephen Boyd <swboyd@chromium.org>
arm64: Initialize jump labels before setup_machine_fdt()
-------------
Diffstat:
Documentation/conf.py | 2 +-
.../bindings/display/sitronix,st7735r.yaml | 1 +
.../devicetree/bindings/gpio/gpio-altera.txt | 5 +-
.../bindings/spi/qcom,spi-qcom-qspi.yaml | 1 +
Makefile | 4 +-
arch/arm/boot/dts/bcm2835-rpi-b.dts | 13 +-
arch/arm/boot/dts/bcm2835-rpi-zero-w.dts | 22 +-
arch/arm/boot/dts/bcm2837-rpi-3-b-plus.dts | 2 +-
arch/arm/boot/dts/bcm2837-rpi-cm3-io3.dts | 4 +-
arch/arm/boot/dts/exynos5250-smdk5250.dts | 4 +-
arch/arm/boot/dts/imx6dl-eckelmann-ci4x10.dts | 6 +-
arch/arm/boot/dts/imx6qdl-colibri.dtsi | 6 +-
arch/arm/boot/dts/ox820.dtsi | 2 +-
arch/arm/boot/dts/s5pv210-aries.dtsi | 3 +-
arch/arm/boot/dts/s5pv210.dtsi | 12 +-
arch/arm/boot/dts/stm32mp15xx-dhcor-avenger96.dtsi | 1 +
arch/arm/boot/dts/suniv-f1c100s.dtsi | 4 +-
arch/arm/mach-hisi/platsmp.c | 4 +
arch/arm/mach-mediatek/Kconfig | 1 +
arch/arm/mach-omap1/clock.c | 2 +-
arch/arm/mach-pxa/cm-x300.c | 8 +-
arch/arm/mach-pxa/magician.c | 2 +-
arch/arm/mach-pxa/tosa.c | 4 +-
arch/arm/mach-vexpress/dcscb.c | 1 +
arch/arm64/Kconfig.platforms | 1 +
arch/arm64/boot/dts/qcom/ipq8074.dtsi | 2 +-
arch/arm64/boot/dts/qcom/msm8994.dtsi | 4 +-
arch/arm64/boot/dts/rockchip/rk3399.dtsi | 2 +-
arch/arm64/kernel/setup.c | 7 +-
arch/arm64/kernel/sys_compat.c | 2 +-
arch/arm64/mm/copypage.c | 4 +-
arch/csky/kernel/probes/kprobes.c | 2 +-
arch/m68k/Kconfig.cpu | 2 +-
arch/m68k/include/asm/raw_io.h | 6 +-
.../include/asm/mach-ip27/cpu-feature-overrides.h | 1 -
.../include/asm/mach-ip30/cpu-feature-overrides.h | 1 -
arch/openrisc/include/asm/timex.h | 1 +
arch/openrisc/kernel/head.S | 9 +
arch/parisc/include/asm/fb.h | 4 +
arch/powerpc/include/asm/page.h | 7 +-
arch/powerpc/include/asm/vas.h | 2 +-
arch/powerpc/kernel/fadump.c | 8 +-
arch/powerpc/kernel/idle.c | 2 +-
arch/powerpc/perf/isa207-common.c | 3 +-
arch/powerpc/platforms/4xx/cpm.c | 2 +-
arch/powerpc/platforms/8xx/cpm1.c | 1 +
arch/powerpc/platforms/powernv/opal-fadump.c | 94 +++++----
arch/powerpc/platforms/powernv/opal-fadump.h | 10 +-
arch/powerpc/platforms/powernv/ultravisor.c | 1 +
arch/powerpc/platforms/powernv/vas-fault.c | 2 +-
arch/powerpc/platforms/powernv/vas-window.c | 4 +-
arch/powerpc/platforms/powernv/vas.h | 2 +-
arch/powerpc/sysdev/dart_iommu.c | 6 +-
arch/powerpc/sysdev/fsl_rio.c | 2 +
arch/powerpc/sysdev/xics/icp-opal.c | 1 +
arch/riscv/include/asm/irq_work.h | 2 +-
arch/riscv/kernel/head.S | 1 +
arch/s390/include/asm/kexec.h | 10 +
arch/s390/include/asm/preempt.h | 15 +-
arch/s390/kernel/perf_event.c | 2 +-
arch/um/drivers/chan_user.c | 9 +-
arch/um/include/asm/thread_info.h | 2 +
arch/um/kernel/exec.c | 2 +-
arch/um/kernel/process.c | 2 +-
arch/um/kernel/ptrace.c | 8 +-
arch/um/kernel/signal.c | 4 +-
arch/x86/Kconfig | 4 +-
arch/x86/entry/entry_64.S | 1 +
arch/x86/entry/vdso/vma.c | 2 +-
arch/x86/events/amd/ibs.c | 55 ++++-
arch/x86/events/intel/core.c | 2 +-
arch/x86/include/asm/acenv.h | 14 +-
arch/x86/include/asm/kexec.h | 8 +
arch/x86/include/asm/suspend_32.h | 2 +-
arch/x86/include/asm/suspend_64.h | 12 +-
arch/x86/kernel/apic/apic.c | 2 +-
arch/x86/kernel/apic/x2apic_uv_x.c | 8 +-
arch/x86/kernel/cpu/intel.c | 2 +-
arch/x86/kernel/cpu/mce/amd.c | 32 +--
arch/x86/kernel/step.c | 3 +-
arch/x86/kernel/sys_x86_64.c | 7 +-
arch/x86/kvm/vmx/nested.c | 45 ++++-
arch/x86/kvm/vmx/vmcs.h | 5 +
arch/x86/lib/delay.c | 4 +-
arch/x86/mm/pat/memtype.c | 2 +-
arch/x86/um/ldt.c | 6 +-
arch/xtensa/kernel/ptrace.c | 4 +-
arch/xtensa/kernel/signal.c | 4 +-
arch/xtensa/platforms/iss/simdisk.c | 18 +-
block/bfq-cgroup.c | 111 +++++++----
block/bfq-iosched.c | 46 +++--
block/bfq-iosched.h | 6 +-
block/blk-cgroup.c | 8 +-
block/blk-iolatency.c | 122 ++++++------
crypto/cryptd.c | 23 +--
drivers/acpi/property.c | 18 +-
drivers/acpi/sleep.c | 12 ++
drivers/base/memory.c | 5 +-
drivers/base/node.c | 1 +
drivers/block/drbd/drbd_main.c | 11 +-
drivers/block/nbd.c | 13 +-
drivers/block/virtio_blk.c | 7 +-
drivers/char/hw_random/omap3-rom-rng.c | 2 +-
drivers/char/ipmi/ipmi_msghandler.c | 4 +-
drivers/char/ipmi/ipmi_ssif.c | 23 +++
drivers/char/random.c | 12 +-
drivers/cpufreq/mediatek-cpufreq.c | 19 +-
.../crypto/allwinner/sun8i-ss/sun8i-ss-cipher.c | 115 +++++++----
drivers/crypto/allwinner/sun8i-ss/sun8i-ss-core.c | 30 ++-
drivers/crypto/allwinner/sun8i-ss/sun8i-ss-hash.c | 10 +-
drivers/crypto/allwinner/sun8i-ss/sun8i-ss.h | 14 +-
drivers/crypto/ccree/cc_buffer_mgr.c | 27 +--
drivers/crypto/marvell/cesa/cipher.c | 1 -
drivers/crypto/nx/nx-common-powernv.c | 2 +-
drivers/devfreq/rk3399_dmc.c | 2 +
drivers/dma/idxd/cdev.c | 8 +-
drivers/dma/stm32-mdma.c | 87 ++++----
drivers/edac/dmc520_edac.c | 2 +-
drivers/firmware/arm_scmi/base.c | 2 +-
drivers/gpio/gpiolib-of.c | 5 +
drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 2 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c | 3 +-
drivers/gpu/drm/amd/pm/powerplay/kv_dpm.c | 14 +-
drivers/gpu/drm/amd/pm/powerplay/si_dpm.c | 8 +-
drivers/gpu/drm/arm/display/komeda/komeda_plane.c | 10 +-
drivers/gpu/drm/arm/malidp_crtc.c | 5 +-
drivers/gpu/drm/bridge/adv7511/adv7511_drv.c | 1 +
drivers/gpu/drm/bridge/analogix/analogix_dp_core.c | 31 ++-
drivers/gpu/drm/drm_edid.c | 6 +-
drivers/gpu/drm/drm_plane.c | 14 +-
drivers/gpu/drm/etnaviv/etnaviv_mmu.c | 6 +
drivers/gpu/drm/gma500/psb_intel_display.c | 7 +-
drivers/gpu/drm/i915/display/intel_dsi_vbt.c | 33 ++-
drivers/gpu/drm/i915/i915_perf.c | 4 +-
drivers/gpu/drm/i915/i915_perf_types.h | 2 +-
drivers/gpu/drm/ingenic/ingenic-drm-drv.c | 61 +++++-
drivers/gpu/drm/mediatek/mtk_cec.c | 2 +-
drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 1 +
drivers/gpu/drm/msm/disp/dpu1/dpu_hw_intf.c | 1 +
drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c | 8 +-
drivers/gpu/drm/msm/disp/mdp5/mdp5_crtc.c | 14 +-
drivers/gpu/drm/msm/disp/mdp5/mdp5_kms.c | 6 +-
drivers/gpu/drm/msm/disp/mdp5/mdp5_mixer.c | 15 +-
drivers/gpu/drm/msm/disp/mdp5/mdp5_mixer.h | 4 +-
drivers/gpu/drm/msm/disp/mdp5/mdp5_pipe.c | 15 +-
drivers/gpu/drm/msm/disp/mdp5/mdp5_pipe.h | 2 +-
drivers/gpu/drm/msm/disp/mdp5/mdp5_plane.c | 20 +-
drivers/gpu/drm/msm/dp/dp_display.c | 55 +++--
drivers/gpu/drm/msm/dsi/dsi_host.c | 21 +-
drivers/gpu/drm/msm/hdmi/hdmi.c | 10 +-
drivers/gpu/drm/msm/msm_drv.c | 1 +
drivers/gpu/drm/msm/msm_gem_prime.c | 2 +-
drivers/gpu/drm/nouveau/dispnv50/atom.h | 6 +-
drivers/gpu/drm/nouveau/dispnv50/crc.c | 27 ++-
drivers/gpu/drm/nouveau/nvkm/subdev/clk/base.c | 6 +-
drivers/gpu/drm/panel/panel-simple.c | 3 +-
drivers/gpu/drm/rockchip/rockchip_drm_vop.c | 2 +-
drivers/gpu/drm/stm/ltdc.c | 16 +-
drivers/gpu/drm/tilcdc/tilcdc_external.c | 8 +-
drivers/gpu/drm/vc4/vc4_hvs.c | 26 ++-
drivers/gpu/drm/vc4/vc4_txp.c | 8 +-
drivers/gpu/drm/virtio/virtgpu_display.c | 2 +
drivers/hid/hid-bigbenff.c | 6 +
drivers/hid/hid-elan.c | 2 -
drivers/hid/hid-led.c | 2 +-
drivers/hwtracing/coresight/coresight-core.c | 33 ++-
drivers/i2c/busses/i2c-at91-master.c | 11 +
drivers/i2c/busses/i2c-npcm7xx.c | 103 ++++++----
drivers/i2c/busses/i2c-rcar.c | 15 +-
drivers/infiniband/hw/hfi1/file_ops.c | 2 +
drivers/infiniband/hw/hfi1/init.c | 2 +-
drivers/infiniband/hw/hfi1/sdma.c | 12 +-
drivers/infiniband/sw/rdmavt/qp.c | 6 +-
drivers/infiniband/sw/rxe/rxe_req.c | 2 +-
drivers/input/misc/sparcspkr.c | 1 +
drivers/input/touchscreen/stmfts.c | 16 +-
drivers/iommu/amd/init.c | 2 +-
drivers/iommu/intel/iommu.c | 2 +-
drivers/iommu/msm_iommu.c | 11 +-
drivers/iommu/mtk_iommu.c | 3 +-
drivers/irqchip/irq-armada-370-xp.c | 11 +-
drivers/irqchip/irq-aspeed-i2c-ic.c | 4 +-
drivers/irqchip/irq-aspeed-scu-ic.c | 4 +-
drivers/irqchip/irq-sni-exiu.c | 25 ++-
drivers/irqchip/irq-xtensa-mx.c | 18 +-
drivers/macintosh/Kconfig | 6 +
drivers/macintosh/Makefile | 3 +-
drivers/macintosh/via-pmu.c | 2 +-
drivers/mailbox/mailbox.c | 19 +-
drivers/md/bcache/btree.c | 58 +++---
drivers/md/bcache/btree.h | 2 +-
drivers/md/bcache/journal.c | 31 ++-
drivers/md/bcache/journal.h | 2 +
drivers/md/bcache/request.c | 6 +
drivers/md/bcache/super.c | 1 +
drivers/md/bcache/writeback.c | 101 ++++------
drivers/md/bcache/writeback.h | 2 +-
drivers/md/md-bitmap.c | 44 ++--
drivers/md/md.c | 18 +-
drivers/media/cec/core/cec-adap.c | 6 +-
drivers/media/i2c/ov7670.c | 1 -
drivers/media/pci/cx23885/cx23885-core.c | 6 +-
drivers/media/pci/cx25821/cx25821-core.c | 2 +-
drivers/media/platform/aspeed-video.c | 4 +-
drivers/media/platform/coda/coda-common.c | 35 ++--
drivers/media/platform/exynos4-is/fimc-is.c | 6 +-
drivers/media/platform/exynos4-is/fimc-isp-video.h | 2 +-
drivers/media/platform/qcom/venus/hfi.c | 3 +
drivers/media/platform/rockchip/rga/rga.c | 6 +-
drivers/media/platform/sti/delta/delta-v4l2.c | 6 +-
drivers/media/platform/vsp1/vsp1_rpf.c | 6 +-
drivers/media/rc/imon.c | 99 +++++----
drivers/media/usb/pvrusb2/pvrusb2-hdw.c | 7 +-
drivers/media/usb/uvc/uvc_v4l2.c | 20 +-
drivers/memory/samsung/exynos5422-dmc.c | 5 +-
drivers/mfd/davinci_voicecodec.c | 6 +-
drivers/mfd/ipaq-micro.c | 2 +-
drivers/misc/ocxl/file.c | 2 +
drivers/mmc/host/jz4740_mmc.c | 20 ++
drivers/mmc/host/sdhci_am654.c | 23 ++-
drivers/mtd/chips/cfi_cmdset_0002.c | 103 +++++-----
drivers/mtd/nand/raw/cadence-nand-controller.c | 5 +-
drivers/mtd/nand/raw/denali_pci.c | 15 +-
drivers/mtd/spi-nor/core.c | 9 +
drivers/net/can/spi/mcp251xfd/mcp251xfd.h | 2 +-
drivers/net/can/xilinx_can.c | 4 +-
drivers/net/dsa/mt7530.c | 14 +-
drivers/net/ethernet/broadcom/Makefile | 5 +
.../chelsio/inline_crypto/chtls/chtls_cm.c | 2 +-
.../net/ethernet/huawei/hinic/hinic_hw_api_cmd.c | 5 +-
drivers/net/ethernet/huawei/hinic/hinic_hw_cmdq.c | 10 +-
drivers/net/ethernet/huawei/hinic/hinic_hw_dev.c | 5 +-
drivers/net/ethernet/huawei/hinic/hinic_hw_eqs.c | 9 +-
drivers/net/ethernet/huawei/hinic/hinic_hw_mgmt.c | 2 +
drivers/net/ethernet/huawei/hinic/hinic_hw_wq.c | 23 +--
drivers/net/ethernet/huawei/hinic/hinic_main.c | 10 +-
drivers/net/ethernet/huawei/hinic/hinic_tx.c | 9 +-
drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 10 +-
drivers/net/ethernet/mellanox/mlxsw/core_thermal.c | 2 +-
drivers/net/ethernet/mellanox/mlxsw/spectrum_dcb.c | 13 --
.../net/ethernet/mellanox/mlxsw/spectrum_trap.c | 2 +-
drivers/net/ethernet/sfc/ef10.c | 2 +-
.../net/ethernet/stmicro/stmmac/stmmac_selftests.c | 15 +-
drivers/net/hyperv/netvsc_drv.c | 5 +-
drivers/net/ipa/ipa_endpoint.c | 4 +-
drivers/net/phy/micrel.c | 11 +-
drivers/net/wireguard/socket.c | 4 +-
drivers/net/wireless/ath/ath10k/mac.c | 20 +-
drivers/net/wireless/ath/ath11k/mac.c | 16 +-
drivers/net/wireless/ath/ath11k/spectral.c | 17 +-
drivers/net/wireless/ath/ath9k/ar9003_eeprom.c | 2 +-
drivers/net/wireless/ath/ath9k/ar9003_phy.h | 2 +-
drivers/net/wireless/ath/ath9k/htc_drv_txrx.c | 8 +
drivers/net/wireless/ath/carl9170/tx.c | 3 +
drivers/net/wireless/broadcom/b43/phy_n.c | 2 +-
drivers/net/wireless/broadcom/b43legacy/phy.c | 2 +-
drivers/net/wireless/intel/ipw2x00/libipw_tx.c | 2 +-
drivers/net/wireless/intel/iwlwifi/mvm/power.c | 3 +
drivers/net/wireless/marvell/mwifiex/11h.c | 2 +
drivers/net/wireless/realtek/rtl818x/rtl8180/dev.c | 8 +-
drivers/net/wireless/realtek/rtlwifi/usb.c | 2 +-
drivers/nfc/st21nfca/se.c | 17 +-
drivers/nfc/st21nfca/st21nfca.h | 1 +
drivers/nvdimm/core.c | 9 -
drivers/nvdimm/security.c | 5 -
drivers/nvme/host/core.c | 2 +-
drivers/nvme/host/pci.c | 1 +
drivers/of/overlay.c | 4 +-
drivers/opp/of.c | 2 +-
drivers/pci/controller/cadence/pcie-cadence-ep.c | 3 +-
drivers/pci/controller/dwc/pci-imx6.c | 23 ++-
drivers/pci/controller/dwc/pcie-designware-host.c | 3 +-
drivers/pci/controller/dwc/pcie-qcom.c | 9 +-
drivers/pci/controller/pcie-rockchip-ep.c | 3 +-
drivers/pci/pci.c | 12 +-
drivers/pci/pcie/aer.c | 7 +-
drivers/phy/qualcomm/phy-qcom-qmp.c | 11 +-
drivers/pinctrl/bcm/pinctrl-bcm2835.c | 18 ++
drivers/pinctrl/mvebu/pinctrl-armada-37xx.c | 2 +-
drivers/pinctrl/renesas/core.c | 7 +-
drivers/pinctrl/renesas/pinctrl-rzn1.c | 10 +-
drivers/platform/chrome/cros_ec.c | 16 +-
drivers/platform/chrome/cros_ec_chardev.c | 2 +-
drivers/platform/chrome/cros_ec_proto.c | 50 ++++-
drivers/platform/mips/cpu_hwmon.c | 127 ++++--------
drivers/regulator/core.c | 7 +-
drivers/regulator/pfuze100-regulator.c | 2 +
drivers/regulator/qcom_smd-regulator.c | 35 ++--
drivers/scsi/dc395x.c | 15 +-
drivers/scsi/fcoe/fcoe_ctlr.c | 2 +-
drivers/scsi/lpfc/lpfc_sli.c | 6 +-
drivers/scsi/megaraid.c | 2 +-
drivers/scsi/ufs/ti-j721e-ufs.c | 6 +-
drivers/scsi/ufs/ufs-qcom.c | 14 +-
drivers/scsi/ufs/ufshcd.c | 7 +-
drivers/soc/qcom/llcc-qcom.c | 1 +
drivers/soc/qcom/smp2p.c | 1 +
drivers/soc/qcom/smsm.c | 1 +
drivers/soc/ti/ti_sci_pm_domains.c | 2 +
drivers/spi/spi-fsl-qspi.c | 4 +
drivers/spi/spi-img-spfi.c | 2 +-
drivers/spi/spi-rspi.c | 15 +-
drivers/spi/spi-stm32-qspi.c | 3 +-
drivers/spi/spi-ti-qspi.c | 5 +-
drivers/staging/media/hantro/hantro_v4l2.c | 8 +-
drivers/staging/media/rkvdec/rkvdec-h264.c | 37 +++-
drivers/staging/media/rkvdec/rkvdec.c | 10 +-
drivers/target/target_core_device.c | 1 -
drivers/thermal/broadcom/bcm2711_thermal.c | 5 +-
drivers/thermal/broadcom/sr-thermal.c | 3 +
drivers/thermal/imx_sc_thermal.c | 6 +-
drivers/thermal/thermal_core.c | 42 ++--
drivers/tty/serial/pch_uart.c | 27 +--
drivers/tty/tty_buffer.c | 3 +-
drivers/usb/core/hcd.c | 29 ++-
drivers/usb/core/quirks.c | 3 +
drivers/usb/dwc3/gadget.c | 6 +-
drivers/usb/host/xhci-pci.c | 2 +
drivers/usb/serial/option.c | 2 +
drivers/vdpa/vdpa_sim/vdpa_sim.c | 5 +-
drivers/video/console/sticon.c | 5 +-
drivers/video/console/sticore.c | 32 ++-
drivers/video/fbdev/amba-clcd.c | 5 +-
drivers/video/fbdev/core/fbcon.c | 5 +-
drivers/video/fbdev/sticore.h | 3 +
drivers/video/fbdev/stifb.c | 4 +-
fs/afs/rxrpc.c | 8 +-
fs/binfmt_flat.c | 27 ++-
fs/btrfs/disk-io.c | 4 +-
fs/btrfs/volumes.c | 8 +-
fs/cifs/smb2inode.c | 2 -
fs/cifs/smb2ops.c | 2 +-
fs/dax.c | 3 +-
fs/dlm/lock.c | 11 +-
fs/dlm/plock.c | 12 +-
fs/ext4/ext4.h | 6 -
fs/ext4/extents.c | 10 +-
fs/ext4/inline.c | 12 ++
fs/ext4/inode.c | 4 +
fs/ext4/namei.c | 84 ++++++--
fs/ext4/super.c | 24 ++-
fs/f2fs/f2fs.h | 19 +-
fs/f2fs/file.c | 20 +-
fs/f2fs/inline.c | 29 ++-
fs/f2fs/inode.c | 19 +-
fs/f2fs/segment.c | 42 ++--
fs/f2fs/segment.h | 33 +--
fs/f2fs/super.c | 6 +-
fs/fat/fatent.c | 7 +-
fs/fs-writeback.c | 13 +-
fs/gfs2/quota.c | 32 +--
fs/iomap/buffered-io.c | 3 +-
fs/jfs/jfs_dmap.c | 3 +-
fs/nfs/file.c | 16 +-
fs/nfs/pnfs.c | 2 +
fs/nfs/write.c | 11 +-
fs/notify/fdinfo.c | 11 +-
fs/notify/inotify/inotify.h | 12 ++
fs/notify/inotify/inotify_user.c | 2 +-
fs/notify/mark.c | 6 +-
fs/ocfs2/dlmfs/userdlm.c | 16 +-
fs/proc/generic.c | 3 +
fs/proc/proc_net.c | 3 +
fs/xfs/libxfs/xfs_btree.c | 35 ++--
fs/xfs/xfs_dquot.c | 39 +++-
fs/xfs/xfs_iomap.c | 3 +
fs/xfs/xfs_log.c | 28 ++-
fs/xfs/xfs_log.h | 1 +
fs/xfs/xfs_mount.c | 93 +++++----
fs/xfs/xfs_qm.c | 92 ++++-----
fs/xfs/xfs_symlink.c | 1 +
include/drm/drm_edid.h | 6 +-
include/linux/bpf.h | 2 +
include/linux/efi.h | 2 +
include/linux/font.h | 2 +-
include/linux/gpio/driver.h | 12 ++
include/linux/kexec.h | 46 ++++-
include/linux/lsm_hook_defs.h | 4 +-
include/linux/lsm_hooks.h | 2 +-
include/linux/mailbox_controller.h | 1 +
include/linux/mtd/cfi.h | 1 +
include/linux/nodemask.h | 13 +-
include/linux/platform_data/cros_ec_proto.h | 3 +
include/linux/ptrace.h | 7 -
include/linux/security.h | 23 ++-
include/linux/thermal.h | 2 +-
include/linux/usb/hcd.h | 2 +
include/net/bluetooth/hci.h | 16 +-
include/net/bluetooth/hci_core.h | 18 +-
include/net/flow.h | 10 +
include/net/if_inet6.h | 8 +
include/net/route.h | 6 +-
include/scsi/libfcoe.h | 3 +-
include/sound/jack.h | 1 +
include/trace/events/rxrpc.h | 2 +-
include/trace/events/vmscan.h | 4 +-
init/Kconfig | 5 +
ipc/mqueue.c | 14 ++
kernel/bpf/stackmap.c | 1 -
kernel/dma/debug.c | 2 +-
kernel/kexec_file.c | 34 ----
kernel/ptrace.c | 5 +-
kernel/rcu/Kconfig | 1 +
kernel/rcu/tasks.h | 3 +
kernel/scftorture.c | 5 +-
kernel/sched/fair.c | 8 +-
kernel/sched/pelt.h | 4 +-
kernel/sched/sched.h | 4 +-
kernel/trace/ftrace.c | 5 +-
kernel/trace/trace_events_hist.c | 3 +
mm/compaction.c | 2 +
mm/hugetlb.c | 9 +-
net/bluetooth/hci_conn.c | 8 +-
net/bluetooth/hci_core.c | 27 +--
net/bluetooth/hci_debugfs.c | 8 +-
net/bluetooth/hci_event.c | 91 +++++----
net/bluetooth/hci_request.c | 221 ++++++++++++++++-----
net/bluetooth/hci_sock.c | 12 +-
net/bluetooth/l2cap_core.c | 10 +-
net/bluetooth/mgmt.c | 14 +-
net/bluetooth/mgmt_config.c | 10 +
net/bluetooth/sco.c | 21 +-
net/bluetooth/smp.c | 6 +-
net/core/dev.c | 8 +-
net/dccp/ipv4.c | 2 +-
net/dccp/ipv6.c | 6 +-
net/ipv4/icmp.c | 4 +-
net/ipv4/inet_connection_sock.c | 4 +-
net/ipv4/ip_output.c | 2 +-
net/ipv4/ping.c | 2 +-
net/ipv4/raw.c | 2 +-
net/ipv4/syncookies.c | 2 +-
net/ipv4/udp.c | 2 +-
net/ipv6/addrconf.c | 33 ++-
net/ipv6/af_inet6.c | 2 +-
net/ipv6/datagram.c | 2 +-
net/ipv6/icmp.c | 6 +-
net/ipv6/inet6_connection_sock.c | 4 +-
net/ipv6/netfilter/nf_reject_ipv6.c | 2 +-
net/ipv6/ping.c | 2 +-
net/ipv6/raw.c | 2 +-
net/ipv6/syncookies.c | 2 +-
net/ipv6/tcp_ipv6.c | 4 +-
net/ipv6/udp.c | 2 +-
net/l2tp/l2tp_ip6.c | 2 +-
net/mac80211/chan.c | 7 +-
net/mac80211/ieee80211_i.h | 5 +
net/mac80211/scan.c | 20 ++
net/netfilter/nf_synproxy_core.c | 2 +-
net/nfc/core.c | 1 +
net/rxrpc/ar-internal.h | 13 +-
net/rxrpc/call_event.c | 7 +-
net/rxrpc/conn_object.c | 2 +-
net/rxrpc/input.c | 31 ++-
net/rxrpc/output.c | 20 +-
net/rxrpc/recvmsg.c | 8 +-
net/rxrpc/sendmsg.c | 6 +
net/rxrpc/sysctl.c | 4 +-
net/sctp/input.c | 4 +-
net/smc/af_smc.c | 2 +-
net/wireless/nl80211.c | 1 +
net/wireless/reg.c | 4 +
net/xfrm/xfrm_state.c | 6 +-
scripts/faddr2line | 150 +++++++++-----
security/integrity/ima/Kconfig | 14 +-
.../integrity/platform_certs/keyring_handler.h | 8 +
security/integrity/platform_certs/load_uefi.c | 33 +++
security/security.c | 17 +-
security/selinux/hooks.c | 4 +-
security/selinux/include/xfrm.h | 2 +-
security/selinux/xfrm.c | 13 +-
sound/core/jack.c | 34 +++-
sound/core/pcm_memory.c | 3 +-
sound/pci/hda/patch_realtek.c | 11 +
sound/soc/atmel/atmel-classd.c | 1 -
sound/soc/atmel/atmel-pdmic.c | 1 -
sound/soc/codecs/Kconfig | 2 -
sound/soc/codecs/max98090.c | 6 +-
sound/soc/codecs/rk3328_codec.c | 2 +-
sound/soc/codecs/rt5514.c | 2 +-
sound/soc/codecs/rt5645.c | 7 +-
sound/soc/codecs/tscs454.c | 12 +-
sound/soc/codecs/wm2000.c | 6 +-
sound/soc/fsl/imx-sgtl5000.c | 14 +-
sound/soc/intel/boards/bytcr_rt5640.c | 12 ++
sound/soc/mediatek/mt2701/mt2701-wm8960.c | 9 +-
sound/soc/mediatek/mt8173/mt8173-max98090.c | 5 +-
sound/soc/mxs/mxs-saif.c | 1 +
sound/soc/samsung/aries_wm8994.c | 17 +-
sound/soc/samsung/arndale.c | 5 +-
sound/soc/samsung/littlemill.c | 5 +-
sound/soc/samsung/lowland.c | 5 +-
sound/soc/samsung/odroid.c | 4 +-
sound/soc/samsung/smdk_wm8994.c | 4 +-
sound/soc/samsung/smdk_wm8994pcm.c | 4 +-
sound/soc/samsung/snow.c | 9 +-
sound/soc/samsung/speyside.c | 5 +-
sound/soc/samsung/tm2_wm5110.c | 3 +-
sound/soc/samsung/tobermory.c | 5 +-
sound/soc/soc-dapm.c | 2 -
sound/soc/ti/j721e-evm.c | 44 +++-
sound/usb/midi.c | 3 +
tools/lib/bpf/libbpf.c | 20 +-
tools/perf/Makefile.config | 39 ++--
tools/perf/builtin-c2c.c | 6 +-
tools/perf/pmu-events/jevents.c | 2 +-
tools/perf/util/data.h | 1 +
tools/power/x86/turbostat/turbostat.c | 1 +
.../bpf/progs/btf_dump_test_case_syntax.c | 2 +-
tools/testing/selftests/bpf/progs/profiler.inc.h | 5 +-
tools/testing/selftests/cgroup/test_stress.sh | 2 +-
tools/testing/selftests/resctrl/fill_buf.c | 4 +-
512 files changed, 3868 insertions(+), 2289 deletions(-)
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 001/452] arm64: Initialize jump labels before setup_machine_fdt()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
@ 2022-06-07 16:57 ` Greg Kroah-Hartman
2022-06-07 17:28 ` Catalin Marinas
2022-06-07 16:57 ` [PATCH 5.10 002/452] binfmt_flat: do not stop relocating GOT entries prematurely on riscv Greg Kroah-Hartman
` (456 subsequent siblings)
457 siblings, 1 reply; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hsin-Yi Wang, Douglas Anderson,
Ard Biesheuvel, Steven Rostedt, Jason A. Donenfeld,
Dominik Brodowski, Stephen Boyd, Catalin Marinas
From: Stephen Boyd <swboyd@chromium.org>
commit 73e2d827a501d48dceeb5b9b267a4cd283d6b1ae upstream.
A static key warning splat appears during early boot on arm64 systems
that credit randomness from devicetrees that contain an "rng-seed"
property. This is because setup_machine_fdt() is called before
jump_label_init() during setup_arch(). Let's swap the order of these two
calls so that jump labels are initialized before the devicetree is
unflattened and the rng seed is credited.
static_key_enable_cpuslocked(): static key '0xffffffe51c6fcfc0' used before call to jump_label_init()
WARNING: CPU: 0 PID: 0 at kernel/jump_label.c:166 static_key_enable_cpuslocked+0xb0/0xb8
Modules linked in:
CPU: 0 PID: 0 Comm: swapper Not tainted 5.18.0+ #224 44b43e377bfc84bc99bb5ab885ff694984ee09ff
pstate: 600001c9 (nZCv dAIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : static_key_enable_cpuslocked+0xb0/0xb8
lr : static_key_enable_cpuslocked+0xb0/0xb8
sp : ffffffe51c393cf0
x29: ffffffe51c393cf0 x28: 000000008185054c x27: 00000000f1042f10
x26: 0000000000000000 x25: 00000000f10302b2 x24: 0000002513200000
x23: 0000002513200000 x22: ffffffe51c1c9000 x21: fffffffdfdc00000
x20: ffffffe51c2f0831 x19: ffffffe51c6fcfc0 x18: 00000000ffff1020
x17: 00000000e1e2ac90 x16: 00000000000000e0 x15: ffffffe51b710708
x14: 0000000000000066 x13: 0000000000000018 x12: 0000000000000000
x11: 0000000000000000 x10: 00000000ffffffff x9 : 0000000000000000
x8 : 0000000000000000 x7 : 61632065726f6665 x6 : 6220646573752027
x5 : ffffffe51c641d25 x4 : ffffffe51c13142c x3 : ffff0a00ffffff05
x2 : 40000000ffffe003 x1 : 00000000000001c0 x0 : 0000000000000065
Call trace:
static_key_enable_cpuslocked+0xb0/0xb8
static_key_enable+0x2c/0x40
crng_set_ready+0x24/0x30
execute_in_process_context+0x80/0x90
_credit_init_bits+0x100/0x154
add_bootloader_randomness+0x64/0x78
early_init_dt_scan_chosen+0x140/0x184
early_init_dt_scan_nodes+0x28/0x4c
early_init_dt_scan+0x40/0x44
setup_machine_fdt+0x7c/0x120
setup_arch+0x74/0x1d8
start_kernel+0x84/0x44c
__primary_switched+0xc0/0xc8
---[ end trace 0000000000000000 ]---
random: crng init done
Machine model: Google Lazor (rev1 - 2) with LTE
Cc: Hsin-Yi Wang <hsinyi@chromium.org>
Cc: Douglas Anderson <dianders@chromium.org>
Cc: Ard Biesheuvel <ardb@kernel.org>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Jason A. Donenfeld <Jason@zx2c4.com>
Cc: Dominik Brodowski <linux@dominikbrodowski.net>
Fixes: f5bda35fba61 ("random: use static branch for crng_ready()")
Signed-off-by: Stephen Boyd <swboyd@chromium.org>
Reviewed-by: Jason A. Donenfeld <Jason@zx2c4.com>
Link: https://lore.kernel.org/r/20220602022109.780348-1-swboyd@chromium.org
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/kernel/setup.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
--- a/arch/arm64/kernel/setup.c
+++ b/arch/arm64/kernel/setup.c
@@ -300,13 +300,14 @@ void __init __no_sanitize_address setup_
early_fixmap_init();
early_ioremap_init();
- setup_machine_fdt(__fdt_pointer);
-
/*
* Initialise the static keys early as they may be enabled by the
- * cpufeature code and early parameters.
+ * cpufeature code, early parameters, and DT setup.
*/
jump_label_init();
+
+ setup_machine_fdt(__fdt_pointer);
+
parse_early_param();
/*
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 002/452] binfmt_flat: do not stop relocating GOT entries prematurely on riscv
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
2022-06-07 16:57 ` [PATCH 5.10 001/452] arm64: Initialize jump labels before setup_machine_fdt() Greg Kroah-Hartman
@ 2022-06-07 16:57 ` Greg Kroah-Hartman
2022-06-07 16:57 ` [PATCH 5.10 003/452] parisc/stifb: Implement fb_is_primary_device() Greg Kroah-Hartman
` (455 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Niklas Cassel, Damien Le Moal,
Kees Cook, kernel test robot
From: Niklas Cassel <niklas.cassel@wdc.com>
commit 6045ab5fea4c849153ebeb0acb532da5f29d69c4 upstream.
bFLT binaries are usually created using elf2flt.
The linker script used by elf2flt has defined the .data section like the
following for the last 19 years:
.data : {
_sdata = . ;
__data_start = . ;
data_start = . ;
*(.got.plt)
*(.got)
FILL(0) ;
. = ALIGN(0x20) ;
LONG(-1)
. = ALIGN(0x20) ;
...
}
It places the .got.plt input section before the .got input section.
The same is true for the default linker script (ld --verbose) on most
architectures except x86/x86-64.
The binfmt_flat loader should relocate all GOT entries until it encounters
a -1 (the LONG(-1) in the linker script).
The problem is that the .got.plt input section starts with a GOTPLT header
(which has size 16 bytes on elf64-riscv and 8 bytes on elf32-riscv), where
the first word is set to -1. See the binutils implementation for riscv [1].
This causes the binfmt_flat loader to stop relocating GOT entries
prematurely and thus causes the application to crash when running.
Fix this by skipping the whole GOTPLT header, since the whole GOTPLT header
is reserved for the dynamic linker.
The GOTPLT header will only be skipped for bFLT binaries with flag
FLAT_FLAG_GOTPIC set. This flag is unconditionally set by elf2flt if the
supplied ELF binary has the symbol _GLOBAL_OFFSET_TABLE_ defined.
ELF binaries without a .got input section should thus remain unaffected.
Tested on RISC-V Canaan Kendryte K210 and RISC-V QEMU nommu_virt_defconfig.
[1] https://sourceware.org/git/?p=binutils-gdb.git;a=blob;f=bfd/elfnn-riscv.c;hb=binutils-2_38#l3275
Cc: <stable@vger.kernel.org>
Signed-off-by: Niklas Cassel <niklas.cassel@wdc.com>
Reviewed-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Link: https://lore.kernel.org/r/20220414091018.896737-1-niklas.cassel@wdc.com
Fixed-by: kernel test robot <lkp@intel.com>
Link: https://lore.kernel.org/lkml/202204182333.OIUOotK8-lkp@intel.com
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/binfmt_flat.c | 27 ++++++++++++++++++++++++++-
1 file changed, 26 insertions(+), 1 deletion(-)
--- a/fs/binfmt_flat.c
+++ b/fs/binfmt_flat.c
@@ -427,6 +427,30 @@ static void old_reloc(unsigned long rl)
/****************************************************************************/
+static inline u32 __user *skip_got_header(u32 __user *rp)
+{
+ if (IS_ENABLED(CONFIG_RISCV)) {
+ /*
+ * RISC-V has a 16 byte GOT PLT header for elf64-riscv
+ * and 8 byte GOT PLT header for elf32-riscv.
+ * Skip the whole GOT PLT header, since it is reserved
+ * for the dynamic linker (ld.so).
+ */
+ u32 rp_val0, rp_val1;
+
+ if (get_user(rp_val0, rp))
+ return rp;
+ if (get_user(rp_val1, rp + 1))
+ return rp;
+
+ if (rp_val0 == 0xffffffff && rp_val1 == 0xffffffff)
+ rp += 4;
+ else if (rp_val0 == 0xffffffff)
+ rp += 2;
+ }
+ return rp;
+}
+
static int load_flat_file(struct linux_binprm *bprm,
struct lib_info *libinfo, int id, unsigned long *extra_stack)
{
@@ -774,7 +798,8 @@ static int load_flat_file(struct linux_b
* image.
*/
if (flags & FLAT_FLAG_GOTPIC) {
- for (rp = (u32 __user *)datapos; ; rp++) {
+ rp = skip_got_header((u32 __user *) datapos);
+ for (; ; rp++) {
u32 addr, rp_val;
if (get_user(rp_val, rp))
return -EFAULT;
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 003/452] parisc/stifb: Implement fb_is_primary_device()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
2022-06-07 16:57 ` [PATCH 5.10 001/452] arm64: Initialize jump labels before setup_machine_fdt() Greg Kroah-Hartman
2022-06-07 16:57 ` [PATCH 5.10 002/452] binfmt_flat: do not stop relocating GOT entries prematurely on riscv Greg Kroah-Hartman
@ 2022-06-07 16:57 ` Greg Kroah-Hartman
2022-06-07 16:57 ` [PATCH 5.10 004/452] riscv: Initialize thread pointer before calling C functions Greg Kroah-Hartman
` (454 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Helge Deller
From: Helge Deller <deller@gmx.de>
commit cf936af790a3ef5f41ff687ec91bfbffee141278 upstream.
Implement fb_is_primary_device() function, so that fbcon detects if this
framebuffer belongs to the default graphics card which was used to start
the system.
Signed-off-by: Helge Deller <deller@gmx.de>
Cc: stable@vger.kernel.org # v5.10+
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/parisc/include/asm/fb.h | 4 ++++
drivers/video/console/sticore.c | 17 +++++++++++++++++
drivers/video/fbdev/stifb.c | 4 ++--
3 files changed, 23 insertions(+), 2 deletions(-)
--- a/arch/parisc/include/asm/fb.h
+++ b/arch/parisc/include/asm/fb.h
@@ -12,9 +12,13 @@ static inline void fb_pgprotect(struct f
pgprot_val(vma->vm_page_prot) |= _PAGE_NO_CACHE;
}
+#if defined(CONFIG_STI_CONSOLE) || defined(CONFIG_FB_STI)
+int fb_is_primary_device(struct fb_info *info);
+#else
static inline int fb_is_primary_device(struct fb_info *info)
{
return 0;
}
+#endif
#endif /* _ASM_FB_H_ */
--- a/drivers/video/console/sticore.c
+++ b/drivers/video/console/sticore.c
@@ -30,6 +30,7 @@
#include <asm/pdc.h>
#include <asm/cacheflush.h>
#include <asm/grfioctl.h>
+#include <asm/fb.h>
#include "../fbdev/sticore.h"
@@ -1127,6 +1128,22 @@ int sti_call(const struct sti_struct *st
return ret;
}
+/* check if given fb_info is the primary device */
+int fb_is_primary_device(struct fb_info *info)
+{
+ struct sti_struct *sti;
+
+ sti = sti_get_rom(0);
+
+ /* if no built-in graphics card found, allow any fb driver as default */
+ if (!sti)
+ return true;
+
+ /* return true if it's the default built-in framebuffer driver */
+ return (sti->info == info);
+}
+EXPORT_SYMBOL(fb_is_primary_device);
+
MODULE_AUTHOR("Philipp Rumpf, Helge Deller, Thomas Bogendoerfer");
MODULE_DESCRIPTION("Core STI driver for HP's NGLE series graphics cards in HP PARISC machines");
MODULE_LICENSE("GPL v2");
--- a/drivers/video/fbdev/stifb.c
+++ b/drivers/video/fbdev/stifb.c
@@ -1317,11 +1317,11 @@ static int __init stifb_init_fb(struct s
goto out_err3;
}
+ /* save for primary gfx device detection & unregister_framebuffer() */
+ sti->info = info;
if (register_framebuffer(&fb->info) < 0)
goto out_err4;
- sti->info = info; /* save for unregister_framebuffer() */
-
fb_info(&fb->info, "%s %dx%d-%d frame buffer device, %s, id: %04x, mmio: 0x%04lx\n",
fix->id,
var->xres,
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 004/452] riscv: Initialize thread pointer before calling C functions
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (2 preceding siblings ...)
2022-06-07 16:57 ` [PATCH 5.10 003/452] parisc/stifb: Implement fb_is_primary_device() Greg Kroah-Hartman
@ 2022-06-07 16:57 ` Greg Kroah-Hartman
2022-06-07 16:57 ` [PATCH 5.10 005/452] riscv: Fix irq_work when SMP is disabled Greg Kroah-Hartman
` (453 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Alexandre Ghiti, Palmer Dabbelt
From: Alexandre Ghiti <alexandre.ghiti@canonical.com>
commit 35d33c76d68dfacc330a8eb477b51cc647c5a847 upstream.
Because of the stack canary feature that reads from the current task
structure the stack canary value, the thread pointer register "tp" must
be set before calling any C function from head.S: by chance, setup_vm
and all the functions that it calls does not seem to be part of the
functions where the canary check is done, but in the following commits,
some functions will.
Fixes: f2c9699f65557a31 ("riscv: Add STACKPROTECTOR supported")
Signed-off-by: Alexandre Ghiti <alexandre.ghiti@canonical.com>
Cc: stable@vger.kernel.org
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/riscv/kernel/head.S | 1 +
1 file changed, 1 insertion(+)
--- a/arch/riscv/kernel/head.S
+++ b/arch/riscv/kernel/head.S
@@ -261,6 +261,7 @@ clear_bss_done:
REG_S a0, (a2)
/* Initialize page tables and relocate to virtual addresses */
+ la tp, init_task
la sp, init_thread_union + THREAD_SIZE
mv a0, s1
call setup_vm
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 005/452] riscv: Fix irq_work when SMP is disabled
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (3 preceding siblings ...)
2022-06-07 16:57 ` [PATCH 5.10 004/452] riscv: Initialize thread pointer before calling C functions Greg Kroah-Hartman
@ 2022-06-07 16:57 ` Greg Kroah-Hartman
2022-06-07 16:57 ` [PATCH 5.10 006/452] ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9520 laptop Greg Kroah-Hartman
` (452 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Samuel Holland, Heiko Stuebner,
Palmer Dabbelt
From: Samuel Holland <samuel@sholland.org>
commit 2273272823db6f67d57761df8116ae32e7f05bed upstream.
irq_work is triggered via an IPI, but the IPI infrastructure is not
included in uniprocessor kernels. As a result, irq_work never runs.
Fall back to the tick-based irq_work implementation on uniprocessor
configurations.
Fixes: 298447928bb1 ("riscv: Support irq_work via self IPIs")
Signed-off-by: Samuel Holland <samuel@sholland.org>
Reviewed-by: Heiko Stuebner <heiko@sntech.de>
Link: https://lore.kernel.org/r/20220430030025.58405-1-samuel@sholland.org
Cc: stable@vger.kernel.org
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/riscv/include/asm/irq_work.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/riscv/include/asm/irq_work.h
+++ b/arch/riscv/include/asm/irq_work.h
@@ -4,7 +4,7 @@
static inline bool arch_irq_work_has_interrupt(void)
{
- return true;
+ return IS_ENABLED(CONFIG_SMP);
}
extern void arch_irq_work_raise(void);
#endif /* _ASM_RISCV_IRQ_WORK_H */
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 006/452] ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9520 laptop
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (4 preceding siblings ...)
2022-06-07 16:57 ` [PATCH 5.10 005/452] riscv: Fix irq_work when SMP is disabled Greg Kroah-Hartman
@ 2022-06-07 16:57 ` Greg Kroah-Hartman
2022-06-07 16:57 ` [PATCH 5.10 007/452] ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS Greg Kroah-Hartman
` (451 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Rik van der Kemp, Takashi Iwai
From: Rik van der Kemp <rik@upto11.nl>
commit 15dad62f4bdb5dc0f0efde8181d680db9963544c upstream.
The 2022-model XPS 15 appears to use the same 4-speakers-on-ALC289
audio setup as the Dell XPS 15 9510, so requires the same quirk to
enable woofer output. Tested on my own 9520.
[ Move the entry to the right position in the SSID order -- tiwai ]
BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=216035
Cc: <stable@vger.kernel.org>
Signed-off-by: Rik van der Kemp <rik@upto11.nl>
Link: https://lore.kernel.org/r/181056a137b.d14baf90133058.8425453735588429828@upto11.nl
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_realtek.c | 1 +
1 file changed, 1 insertion(+)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -8651,6 +8651,7 @@ static const struct snd_pci_quirk alc269
SND_PCI_QUIRK(0x1028, 0x0a62, "Dell Precision 5560", ALC289_FIXUP_DUAL_SPK),
SND_PCI_QUIRK(0x1028, 0x0a9d, "Dell Latitude 5430", ALC269_FIXUP_DELL4_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x1028, 0x0a9e, "Dell Latitude 5430", ALC269_FIXUP_DELL4_MIC_NO_PRESENCE),
+ SND_PCI_QUIRK(0x1028, 0x0b19, "Dell XPS 15 9520", ALC289_FIXUP_DUAL_SPK),
SND_PCI_QUIRK(0x1028, 0x164a, "Dell", ALC293_FIXUP_DELL1_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x1028, 0x164b, "Dell", ALC293_FIXUP_DELL1_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x103c, 0x1586, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC2),
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 007/452] ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (5 preceding siblings ...)
2022-06-07 16:57 ` [PATCH 5.10 006/452] ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9520 laptop Greg Kroah-Hartman
@ 2022-06-07 16:57 ` Greg Kroah-Hartman
2022-06-07 16:57 ` [PATCH 5.10 008/452] ALSA: usb-audio: Cancel pending work at closing a MIDI substream Greg Kroah-Hartman
` (450 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Marios Levogiannis, Takashi Iwai
From: Marios Levogiannis <marios.levogiannis@gmail.com>
commit 9bfa7b36343c7d84370bc61c9ed774635b05e4eb upstream.
Set microphone pins 0x18 (rear) and 0x19 (front) to VREF_50 to fix the
microphone noise on ASUS TUF B550M-PLUS which uses the ALCS1200A codec.
The initial value was VREF_80.
The same issue is also present on Windows using both the default Windows
driver and all tested Realtek drivers before version 6.0.9049.1. Comparing
Realtek driver 6.0.9049.1 (the first one without the microphone noise) to
Realtek driver 6.0.9047.1 (the last one with the microphone noise)
revealed that the fix is the result of setting pins 0x18 and 0x19 to
VREF_50.
This fix may also work for other boards that have been reported to have
the same microphone issue and use the ALC1150 and ALCS1200A codecs, since
these codecs are similar and the fix in the Realtek driver on Windows is
common for both. However, it is currently enabled only for ASUS TUF
B550M-PLUS as this is the only board that could be tested.
Signed-off-by: Marios Levogiannis <marios.levogiannis@gmail.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20220530074131.12258-1-marios.levogiannis@gmail.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_realtek.c | 10 ++++++++++
1 file changed, 10 insertions(+)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -1990,6 +1990,7 @@ enum {
ALC1220_FIXUP_CLEVO_PB51ED_PINS,
ALC887_FIXUP_ASUS_AUDIO,
ALC887_FIXUP_ASUS_HMIC,
+ ALCS1200A_FIXUP_MIC_VREF,
};
static void alc889_fixup_coef(struct hda_codec *codec,
@@ -2535,6 +2536,14 @@ static const struct hda_fixup alc882_fix
.chained = true,
.chain_id = ALC887_FIXUP_ASUS_AUDIO,
},
+ [ALCS1200A_FIXUP_MIC_VREF] = {
+ .type = HDA_FIXUP_PINCTLS,
+ .v.pins = (const struct hda_pintbl[]) {
+ { 0x18, PIN_VREF50 }, /* rear mic */
+ { 0x19, PIN_VREF50 }, /* front mic */
+ {}
+ }
+ },
};
static const struct snd_pci_quirk alc882_fixup_tbl[] = {
@@ -2572,6 +2581,7 @@ static const struct snd_pci_quirk alc882
SND_PCI_QUIRK(0x1043, 0x835f, "Asus Eee 1601", ALC888_FIXUP_EEE1601),
SND_PCI_QUIRK(0x1043, 0x84bc, "ASUS ET2700", ALC887_FIXUP_ASUS_BASS),
SND_PCI_QUIRK(0x1043, 0x8691, "ASUS ROG Ranger VIII", ALC882_FIXUP_GPIO3),
+ SND_PCI_QUIRK(0x1043, 0x8797, "ASUS TUF B550M-PLUS", ALCS1200A_FIXUP_MIC_VREF),
SND_PCI_QUIRK(0x104d, 0x9043, "Sony Vaio VGC-LN51JGB", ALC882_FIXUP_NO_PRIMARY_HP),
SND_PCI_QUIRK(0x104d, 0x9044, "Sony VAIO AiO", ALC882_FIXUP_NO_PRIMARY_HP),
SND_PCI_QUIRK(0x104d, 0x9047, "Sony Vaio TT", ALC889_FIXUP_VAIO_TT),
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 008/452] ALSA: usb-audio: Cancel pending work at closing a MIDI substream
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (6 preceding siblings ...)
2022-06-07 16:57 ` [PATCH 5.10 007/452] ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS Greg Kroah-Hartman
@ 2022-06-07 16:57 ` Greg Kroah-Hartman
2022-06-07 16:57 ` [PATCH 5.10 009/452] USB: serial: option: add Quectel BG95 modem Greg Kroah-Hartman
` (449 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+6912c9592caca7ca0e7d, Takashi Iwai
From: Takashi Iwai <tiwai@suse.de>
commit 0125de38122f0f66bf61336158d12a1aabfe6425 upstream.
At closing a USB MIDI output substream, there might be still a pending
work, which would eventually access the rawmidi runtime object that is
being released. For fixing the race, make sure to cancel the pending
work at closing.
Reported-by: syzbot+6912c9592caca7ca0e7d@syzkaller.appspotmail.com
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/000000000000e7e75005dfd07cf6@google.com
Link: https://lore.kernel.org/r/20220525131203.11299-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/usb/midi.c | 3 +++
1 file changed, 3 insertions(+)
--- a/sound/usb/midi.c
+++ b/sound/usb/midi.c
@@ -1161,6 +1161,9 @@ static int snd_usbmidi_output_open(struc
static int snd_usbmidi_output_close(struct snd_rawmidi_substream *substream)
{
+ struct usbmidi_out_port *port = substream->runtime->private_data;
+
+ cancel_work_sync(&port->ep->work);
return substream_open(substream, 0, 0);
}
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 009/452] USB: serial: option: add Quectel BG95 modem
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (7 preceding siblings ...)
2022-06-07 16:57 ` [PATCH 5.10 008/452] ALSA: usb-audio: Cancel pending work at closing a MIDI substream Greg Kroah-Hartman
@ 2022-06-07 16:57 ` Greg Kroah-Hartman
2022-06-07 16:57 ` [PATCH 5.10 010/452] USB: new quirk for Dell Gen 2 devices Greg Kroah-Hartman
` (448 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Carl Yin, Johan Hovold
From: Carl Yin(殷张成) <carl.yin@quectel.com>
commit 33b7af2f459df453feb0d44628d820c47fefe7a8 upstream.
The BG95 modem has 3 USB configurations that are configurable via the AT
command AT+QCFGEXT="usbnet",["ecm"|"modem"|"rmnet"] which make the modem
enumerate with the following interfaces, respectively:
"modem": Diag + GNSS + Modem + Modem
"ecm" : Diag + GNSS + Modem + ECM
"rmnet": Diag + GNSS + Modem + QMI
Don't support Full QMI messages (e.g WDS_START_NETWORK_INTERFACE)
A detailed description of the USB configuration for each mode follows:
+QCFGEXT: "usbnet","modem"
--------------------------
T: Bus=01 Lev=02 Prnt=02 Port=01 Cnt=01 Dev#= 3 Spd=480 MxCh= 0
D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1
P: Vendor=2c7c ProdID=0700 Rev= 0.00
S: Manufacturer=Quectel, Incorporated
S: Product=Quectel LPWA Module
S: SerialNumber=884328a2
C:* #Ifs= 4 Cfg#= 1 Atr=e0 MxPwr=500mA
I:* If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
E: Ad=83(I) Atr=03(Int.) MxPS= 64 Ivl=2ms
E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=fe Prot=ff Driver=option
E: Ad=85(I) Atr=03(Int.) MxPS= 64 Ivl=2ms
E: Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+QCFGEXT: "usbnet","ecm"
------------------------
T: Bus=01 Lev=02 Prnt=02 Port=01 Cnt=01 Dev#= 4 Spd=480 MxCh= 0
D: Ver= 2.00 Cls=ef(misc ) Sub=02 Prot=01 MxPS=64 #Cfgs= 1
P: Vendor=2c7c ProdID=0700 Rev= 0.00
S: Manufacturer=Quectel, Incorporated
S: Product=Quectel LPWA Module
S: SerialNumber=884328a2
C:* #Ifs= 5 Cfg#= 1 Atr=e0 MxPwr=500mA
A: FirstIf#= 3 IfCount= 2 Cls=02(comm.) Sub=00 Prot=00
I:* If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
E: Ad=83(I) Atr=03(Int.) MxPS= 64 Ivl=2ms
E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 3 Alt= 0 #EPs= 1 Cls=02(comm.) Sub=06 Prot=00 Driver=cdc_ether
E: Ad=85(I) Atr=03(Int.) MxPS= 64 Ivl=2ms
I: If#= 4 Alt= 0 #EPs= 0 Cls=0a(data ) Sub=00 Prot=00 Driver=cdc_ether
I:* If#= 4 Alt= 1 #EPs= 2 Cls=0a(data ) Sub=00 Prot=00 Driver=cdc_ether
E: Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+QCFGEXT: "usbnet","rmnet"
--------------------------
T: Bus=01 Lev=02 Prnt=02 Port=01 Cnt=01 Dev#= 4 Spd=480 MxCh= 0
D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1
P: Vendor=2c7c ProdID=0700 Rev= 0.00
S: Manufacturer=Quectel, Incorporated
S: Product=Quectel LPWA Module
S: SerialNumber=884328a2
C:* #Ifs= 4 Cfg#= 1 Atr=e0 MxPwr=500mA
I:* If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
E: Ad=83(I) Atr=03(Int.) MxPS= 64 Ivl=2ms
E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan
E: Ad=85(I) Atr=03(Int.) MxPS= 64 Ivl=2ms
E: Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
Signed-off-by: Carl Yin <carl.yin@quectel.com>
Cc: stable@vger.kernel.org
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/serial/option.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/usb/serial/option.c
+++ b/drivers/usb/serial/option.c
@@ -1137,6 +1137,8 @@ static const struct usb_device_id option
{ USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EM12, 0xff, 0, 0) },
{ USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, 0x0620, 0xff, 0xff, 0x30) }, /* EM160R-GL */
{ USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, 0x0620, 0xff, 0, 0) },
+ { USB_DEVICE_INTERFACE_CLASS(QUECTEL_VENDOR_ID, 0x0700, 0xff), /* BG95 */
+ .driver_info = RSVD(3) | ZLP },
{ USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_RM500Q, 0xff, 0xff, 0x30) },
{ USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_RM500Q, 0xff, 0, 0) },
{ USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_RM500Q, 0xff, 0xff, 0x10),
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 010/452] USB: new quirk for Dell Gen 2 devices
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (8 preceding siblings ...)
2022-06-07 16:57 ` [PATCH 5.10 009/452] USB: serial: option: add Quectel BG95 modem Greg Kroah-Hartman
@ 2022-06-07 16:57 ` Greg Kroah-Hartman
2022-06-07 16:57 ` [PATCH 5.10 011/452] usb: dwc3: gadget: Move null pinter check to proper place Greg Kroah-Hartman
` (447 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Monish Kumar R
From: Monish Kumar R <monish.kumar.r@intel.com>
commit 97fa5887cf283bb75ffff5f6b2c0e71794c02400 upstream.
Add USB_QUIRK_NO_LPM and USB_QUIRK_RESET_RESUME quirks for Dell usb gen
2 device to not fail during enumeration.
Found this bug on own testing
Signed-off-by: Monish Kumar R <monish.kumar.r@intel.com>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20220520130044.17303-1-monish.kumar.r@intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/core/quirks.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/usb/core/quirks.c
+++ b/drivers/usb/core/quirks.c
@@ -511,6 +511,9 @@ static const struct usb_device_id usb_qu
/* DJI CineSSD */
{ USB_DEVICE(0x2ca3, 0x0031), .driver_info = USB_QUIRK_NO_LPM },
+ /* DELL USB GEN2 */
+ { USB_DEVICE(0x413c, 0xb062), .driver_info = USB_QUIRK_NO_LPM | USB_QUIRK_RESET_RESUME },
+
/* VCOM device */
{ USB_DEVICE(0x4296, 0x7570), .driver_info = USB_QUIRK_CONFIG_INTF_STRINGS },
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 011/452] usb: dwc3: gadget: Move null pinter check to proper place
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (9 preceding siblings ...)
2022-06-07 16:57 ` [PATCH 5.10 010/452] USB: new quirk for Dell Gen 2 devices Greg Kroah-Hartman
@ 2022-06-07 16:57 ` Greg Kroah-Hartman
2022-06-08 11:33 ` Pavel Machek
2022-06-07 16:57 ` [PATCH 5.10 012/452] usb: core: hcd: Add support for deferring roothub registration Greg Kroah-Hartman
` (446 subsequent siblings)
457 siblings, 1 reply; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, stable, Albert Wang
From: Albert Wang <albertccwang@google.com>
commit 3c5880745b4439ac64eccdb040e37fc1cc4c5406 upstream.
When dwc3_gadget_ep_cleanup_completed_requests() called to
dwc3_gadget_giveback() where the dwc3 lock is released, other thread is
able to execute. In this situation, usb_ep_disable() gets the chance to
clear endpoint descriptor pointer which leds to the null pointer
dereference problem. So needs to move the null pointer check to a proper
place.
Example call stack:
Thread#1:
dwc3_thread_interrupt()
spin_lock
-> dwc3_process_event_buf()
-> dwc3_process_event_entry()
-> dwc3_endpoint_interrupt()
-> dwc3_gadget_endpoint_trbs_complete()
-> dwc3_gadget_ep_cleanup_completed_requests()
...
-> dwc3_giveback()
spin_unlock
Thread#2 executes
Thread#2:
configfs_composite_disconnect()
-> __composite_disconnect()
-> ffs_func_disable()
-> ffs_func_set_alt()
-> ffs_func_eps_disable()
-> usb_ep_disable()
wait for dwc3 spin_lock
Thread#1 released lock
clear endpoint.desc
Fixes: 26288448120b ("usb: dwc3: gadget: Fix null pointer exception")
Cc: stable <stable@kernel.org>
Signed-off-by: Albert Wang <albertccwang@google.com>
Link: https://lore.kernel.org/r/20220518061315.3359198-1-albertccwang@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/dwc3/gadget.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/drivers/usb/dwc3/gadget.c
+++ b/drivers/usb/dwc3/gadget.c
@@ -2960,14 +2960,14 @@ static bool dwc3_gadget_endpoint_trbs_co
struct dwc3 *dwc = dep->dwc;
bool no_started_trb = true;
- if (!dep->endpoint.desc)
- return no_started_trb;
-
dwc3_gadget_ep_cleanup_completed_requests(dep, event, status);
if (dep->flags & DWC3_EP_END_TRANSFER_PENDING)
goto out;
+ if (!dep->endpoint.desc)
+ return no_started_trb;
+
if (usb_endpoint_xfer_isoc(dep->endpoint.desc) &&
list_empty(&dep->started_list) &&
(list_empty(&dep->pending_list) || status == -EXDEV))
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 012/452] usb: core: hcd: Add support for deferring roothub registration
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (10 preceding siblings ...)
2022-06-07 16:57 ` [PATCH 5.10 011/452] usb: dwc3: gadget: Move null pinter check to proper place Greg Kroah-Hartman
@ 2022-06-07 16:57 ` Greg Kroah-Hartman
2022-06-07 16:57 ` [PATCH 5.10 013/452] cifs: when extending a file with falloc we should make files not-sparse Greg Kroah-Hartman
` (445 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mathias Nyman, Chris Chiu,
Alan Stern, Kishon Vijay Abraham I
From: Kishon Vijay Abraham I <kishon@ti.com>
commit a44623d9279086c89f631201d993aa332f7c9e66 upstream.
It has been observed with certain PCIe USB cards (like Inateck connected
to AM64 EVM or J7200 EVM) that as soon as the primary roothub is
registered, port status change is handled even before xHC is running
leading to cold plug USB devices not detected. For such cases, registering
both the root hubs along with the second HCD is required. Add support for
deferring roothub registration in usb_add_hcd(), so that both primary and
secondary roothubs are registered along with the second HCD.
This patch has been added and reverted earier as it triggered a race
in usb device enumeration.
That race is now fixed in 5.16-rc3, and in stable back to 5.4
commit 6cca13de26ee ("usb: hub: Fix locking issues with address0_mutex")
commit 6ae6dc22d2d1 ("usb: hub: Fix usb enumeration issue due to address0
race")
CC: stable@vger.kernel.org # 5.4+
Suggested-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Tested-by: Chris Chiu <chris.chiu@canonical.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Kishon Vijay Abraham I <kishon@ti.com>
Link: https://lore.kernel.org/r/20220510091630.16564-2-kishon@ti.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/core/hcd.c | 29 +++++++++++++++++++++++------
include/linux/usb/hcd.h | 2 ++
2 files changed, 25 insertions(+), 6 deletions(-)
--- a/drivers/usb/core/hcd.c
+++ b/drivers/usb/core/hcd.c
@@ -2661,6 +2661,7 @@ int usb_add_hcd(struct usb_hcd *hcd,
{
int retval;
struct usb_device *rhdev;
+ struct usb_hcd *shared_hcd;
if (!hcd->skip_phy_initialization && usb_hcd_is_primary_hcd(hcd)) {
hcd->phy_roothub = usb_phy_roothub_alloc(hcd->self.sysdev);
@@ -2817,13 +2818,26 @@ int usb_add_hcd(struct usb_hcd *hcd,
goto err_hcd_driver_start;
}
+ /* starting here, usbcore will pay attention to the shared HCD roothub */
+ shared_hcd = hcd->shared_hcd;
+ if (!usb_hcd_is_primary_hcd(hcd) && shared_hcd && HCD_DEFER_RH_REGISTER(shared_hcd)) {
+ retval = register_root_hub(shared_hcd);
+ if (retval != 0)
+ goto err_register_root_hub;
+
+ if (shared_hcd->uses_new_polling && HCD_POLL_RH(shared_hcd))
+ usb_hcd_poll_rh_status(shared_hcd);
+ }
+
/* starting here, usbcore will pay attention to this root hub */
- retval = register_root_hub(hcd);
- if (retval != 0)
- goto err_register_root_hub;
+ if (!HCD_DEFER_RH_REGISTER(hcd)) {
+ retval = register_root_hub(hcd);
+ if (retval != 0)
+ goto err_register_root_hub;
- if (hcd->uses_new_polling && HCD_POLL_RH(hcd))
- usb_hcd_poll_rh_status(hcd);
+ if (hcd->uses_new_polling && HCD_POLL_RH(hcd))
+ usb_hcd_poll_rh_status(hcd);
+ }
return retval;
@@ -2866,6 +2880,7 @@ EXPORT_SYMBOL_GPL(usb_add_hcd);
void usb_remove_hcd(struct usb_hcd *hcd)
{
struct usb_device *rhdev = hcd->self.root_hub;
+ bool rh_registered;
dev_info(hcd->self.controller, "remove, state %x\n", hcd->state);
@@ -2876,6 +2891,7 @@ void usb_remove_hcd(struct usb_hcd *hcd)
dev_dbg(hcd->self.controller, "roothub graceful disconnect\n");
spin_lock_irq (&hcd_root_hub_lock);
+ rh_registered = hcd->rh_registered;
hcd->rh_registered = 0;
spin_unlock_irq (&hcd_root_hub_lock);
@@ -2885,7 +2901,8 @@ void usb_remove_hcd(struct usb_hcd *hcd)
cancel_work_sync(&hcd->died_work);
mutex_lock(&usb_bus_idr_lock);
- usb_disconnect(&rhdev); /* Sets rhdev to NULL */
+ if (rh_registered)
+ usb_disconnect(&rhdev); /* Sets rhdev to NULL */
mutex_unlock(&usb_bus_idr_lock);
/*
--- a/include/linux/usb/hcd.h
+++ b/include/linux/usb/hcd.h
@@ -124,6 +124,7 @@ struct usb_hcd {
#define HCD_FLAG_RH_RUNNING 5 /* root hub is running? */
#define HCD_FLAG_DEAD 6 /* controller has died? */
#define HCD_FLAG_INTF_AUTHORIZED 7 /* authorize interfaces? */
+#define HCD_FLAG_DEFER_RH_REGISTER 8 /* Defer roothub registration */
/* The flags can be tested using these macros; they are likely to
* be slightly faster than test_bit().
@@ -134,6 +135,7 @@ struct usb_hcd {
#define HCD_WAKEUP_PENDING(hcd) ((hcd)->flags & (1U << HCD_FLAG_WAKEUP_PENDING))
#define HCD_RH_RUNNING(hcd) ((hcd)->flags & (1U << HCD_FLAG_RH_RUNNING))
#define HCD_DEAD(hcd) ((hcd)->flags & (1U << HCD_FLAG_DEAD))
+#define HCD_DEFER_RH_REGISTER(hcd) ((hcd)->flags & (1U << HCD_FLAG_DEFER_RH_REGISTER))
/*
* Specifies if interfaces are authorized by default
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 013/452] cifs: when extending a file with falloc we should make files not-sparse
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (11 preceding siblings ...)
2022-06-07 16:57 ` [PATCH 5.10 012/452] usb: core: hcd: Add support for deferring roothub registration Greg Kroah-Hartman
@ 2022-06-07 16:57 ` Greg Kroah-Hartman
2022-06-07 16:57 ` [PATCH 5.10 014/452] xhci: Allow host runtime PM as default for Intel Alder Lake N xHCI Greg Kroah-Hartman
` (444 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ronnie Sahlberg, Steve French
From: Ronnie Sahlberg <lsahlber@redhat.com>
commit f66f8b94e7f2f4ac9fffe710be231ca8f25c5057 upstream.
as this is the only way to make sure the region is allocated.
Fix the conditional that was wrong and only tried to make already
non-sparse files non-sparse.
Cc: stable@vger.kernel.org
Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/cifs/smb2ops.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/cifs/smb2ops.c
+++ b/fs/cifs/smb2ops.c
@@ -3632,7 +3632,7 @@ static long smb3_simple_falloc(struct fi
if (rc)
goto out;
- if ((cifsi->cifsAttrs & FILE_ATTRIBUTE_SPARSE_FILE) == 0)
+ if (cifsi->cifsAttrs & FILE_ATTRIBUTE_SPARSE_FILE)
smb2_set_sparse(xid, tcon, cfile, inode, false);
eof = cpu_to_le64(off + len);
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 014/452] xhci: Allow host runtime PM as default for Intel Alder Lake N xHCI
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (12 preceding siblings ...)
2022-06-07 16:57 ` [PATCH 5.10 013/452] cifs: when extending a file with falloc we should make files not-sparse Greg Kroah-Hartman
@ 2022-06-07 16:57 ` Greg Kroah-Hartman
2022-06-07 16:57 ` [PATCH 5.10 015/452] Fonts: Make font size unsigned in font_desc Greg Kroah-Hartman
` (443 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, stable, Gopal Vamshi Krishna, Mathias Nyman
From: Mathias Nyman <mathias.nyman@linux.intel.com>
commit 74f55a62c4c354f43a6d75f77dd184c4f57b9a26 upstream.
Alder Lake N TCSS xHCI needs to be runtime suspended whenever possible
to allow the TCSS hardware block to enter D3 and thus save energy
Cc: stable@kernel.org
Suggested-by: Gopal Vamshi Krishna <vamshi.krishna.gopal@intel.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Link: https://lore.kernel.org/r/20220511220450.85367-10-mathias.nyman@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/host/xhci-pci.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/usb/host/xhci-pci.c
+++ b/drivers/usb/host/xhci-pci.c
@@ -59,6 +59,7 @@
#define PCI_DEVICE_ID_INTEL_TIGER_LAKE_XHCI 0x9a13
#define PCI_DEVICE_ID_INTEL_MAPLE_RIDGE_XHCI 0x1138
#define PCI_DEVICE_ID_INTEL_ALDER_LAKE_XHCI 0x461e
+#define PCI_DEVICE_ID_INTEL_ALDER_LAKE_N_XHCI 0x464e
#define PCI_DEVICE_ID_INTEL_ALDER_LAKE_PCH_XHCI 0x51ed
#define PCI_DEVICE_ID_AMD_PROMONTORYA_4 0x43b9
@@ -263,6 +264,7 @@ static void xhci_pci_quirks(struct devic
pdev->device == PCI_DEVICE_ID_INTEL_TIGER_LAKE_XHCI ||
pdev->device == PCI_DEVICE_ID_INTEL_MAPLE_RIDGE_XHCI ||
pdev->device == PCI_DEVICE_ID_INTEL_ALDER_LAKE_XHCI ||
+ pdev->device == PCI_DEVICE_ID_INTEL_ALDER_LAKE_N_XHCI ||
pdev->device == PCI_DEVICE_ID_INTEL_ALDER_LAKE_PCH_XHCI))
xhci->quirks |= XHCI_DEFAULT_PM_RUNTIME_ALLOW;
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 015/452] Fonts: Make font size unsigned in font_desc
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (13 preceding siblings ...)
2022-06-07 16:57 ` [PATCH 5.10 014/452] xhci: Allow host runtime PM as default for Intel Alder Lake N xHCI Greg Kroah-Hartman
@ 2022-06-07 16:57 ` Greg Kroah-Hartman
2022-06-07 16:57 ` [PATCH 5.10 016/452] parisc/stifb: Keep track of hardware path of graphics card Greg Kroah-Hartman
` (442 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Peilin Ye, Daniel Vetter, Helge Deller
From: Peilin Ye <yepeilin.cs@gmail.com>
commit 7cb415003468d41aecd6877ae088c38f6c0fc174 upstream.
`width` and `height` are defined as unsigned in our UAPI font descriptor
`struct console_font`. Make them unsigned in our kernel font descriptor
`struct font_desc`, too.
Also, change the corresponding printk() format identifiers from `%d` to
`%u`, in sti_select_fbfont().
Signed-off-by: Peilin Ye <yepeilin.cs@gmail.com>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Link: https://patchwork.freedesktop.org/patch/msgid/20201028105647.1210161-1-yepeilin.cs@gmail.com
Cc: Helge Deller <deller@gmx.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/video/console/sticore.c | 2 +-
include/linux/font.h | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/video/console/sticore.c
+++ b/drivers/video/console/sticore.c
@@ -503,7 +503,7 @@ sti_select_fbfont(struct sti_cooked_rom
if (!fbfont)
return NULL;
- pr_info("STI selected %dx%d framebuffer font %s for sticon\n",
+ pr_info("STI selected %ux%u framebuffer font %s for sticon\n",
fbfont->width, fbfont->height, fbfont->name);
bpc = ((fbfont->width+7)/8) * fbfont->height;
--- a/include/linux/font.h
+++ b/include/linux/font.h
@@ -16,7 +16,7 @@
struct font_desc {
int idx;
const char *name;
- int width, height;
+ unsigned int width, height;
const void *data;
int pref;
};
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 016/452] parisc/stifb: Keep track of hardware path of graphics card
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (14 preceding siblings ...)
2022-06-07 16:57 ` [PATCH 5.10 015/452] Fonts: Make font size unsigned in font_desc Greg Kroah-Hartman
@ 2022-06-07 16:57 ` Greg Kroah-Hartman
2022-06-07 16:57 ` [PATCH 5.10 017/452] x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails Greg Kroah-Hartman
` (441 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:57 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Helge Deller
From: Helge Deller <deller@gmx.de>
commit b046f984814af7985f444150ec28716d42d00d9a upstream.
Keep the pa_path (hardware path) of the graphics card in sti_struct and use
this info to give more useful info which card is currently being used.
Signed-off-by: Helge Deller <deller@gmx.de>
Cc: stable@vger.kernel.org # v5.10+
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/video/console/sticon.c | 5 ++++-
drivers/video/console/sticore.c | 15 +++++++--------
drivers/video/fbdev/sticore.h | 3 +++
3 files changed, 14 insertions(+), 9 deletions(-)
--- a/drivers/video/console/sticon.c
+++ b/drivers/video/console/sticon.c
@@ -46,6 +46,7 @@
#include <linux/slab.h>
#include <linux/font.h>
#include <linux/crc32.h>
+#include <linux/fb.h>
#include <asm/io.h>
@@ -392,7 +393,9 @@ static int __init sticonsole_init(void)
for (i = 0; i < MAX_NR_CONSOLES; i++)
font_data[i] = STI_DEF_FONT;
- pr_info("sticon: Initializing STI text console.\n");
+ pr_info("sticon: Initializing STI text console on %s at [%s]\n",
+ sticon_sti->sti_data->inq_outptr.dev_name,
+ sticon_sti->pa_path);
console_lock();
err = do_take_over_console(&sti_con, 0, MAX_NR_CONSOLES - 1,
PAGE0->mem_cons.cl_class != CL_DUPLEX);
--- a/drivers/video/console/sticore.c
+++ b/drivers/video/console/sticore.c
@@ -34,7 +34,7 @@
#include "../fbdev/sticore.h"
-#define STI_DRIVERVERSION "Version 0.9b"
+#define STI_DRIVERVERSION "Version 0.9c"
static struct sti_struct *default_sti __read_mostly;
@@ -503,7 +503,7 @@ sti_select_fbfont(struct sti_cooked_rom
if (!fbfont)
return NULL;
- pr_info("STI selected %ux%u framebuffer font %s for sticon\n",
+ pr_info(" using %ux%u framebuffer font %s\n",
fbfont->width, fbfont->height, fbfont->name);
bpc = ((fbfont->width+7)/8) * fbfont->height;
@@ -947,6 +947,7 @@ out_err:
static void sticore_check_for_default_sti(struct sti_struct *sti, char *path)
{
+ pr_info(" located at [%s]\n", sti->pa_path);
if (strcmp (path, default_sti_path) == 0)
default_sti = sti;
}
@@ -958,7 +959,6 @@ static void sticore_check_for_default_st
*/
static int __init sticore_pa_init(struct parisc_device *dev)
{
- char pa_path[21];
struct sti_struct *sti = NULL;
int hpa = dev->hpa.start;
@@ -971,8 +971,8 @@ static int __init sticore_pa_init(struct
if (!sti)
return 1;
- print_pa_hwpath(dev, pa_path);
- sticore_check_for_default_sti(sti, pa_path);
+ print_pa_hwpath(dev, sti->pa_path);
+ sticore_check_for_default_sti(sti, sti->pa_path);
return 0;
}
@@ -1008,9 +1008,8 @@ static int sticore_pci_init(struct pci_d
sti = sti_try_rom_generic(rom_base, fb_base, pd);
if (sti) {
- char pa_path[30];
- print_pci_hwpath(pd, pa_path);
- sticore_check_for_default_sti(sti, pa_path);
+ print_pci_hwpath(pd, sti->pa_path);
+ sticore_check_for_default_sti(sti, sti->pa_path);
}
if (!sti) {
--- a/drivers/video/fbdev/sticore.h
+++ b/drivers/video/fbdev/sticore.h
@@ -370,6 +370,9 @@ struct sti_struct {
/* pointer to all internal data */
struct sti_all_data *sti_data;
+
+ /* pa_path of this device */
+ char pa_path[24];
};
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 017/452] x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (15 preceding siblings ...)
2022-06-07 16:57 ` [PATCH 5.10 016/452] parisc/stifb: Keep track of hardware path of graphics card Greg Kroah-Hartman
@ 2022-06-07 16:57 ` Greg Kroah-Hartman
2022-06-07 16:57 ` [PATCH 5.10 018/452] perf/x86/intel: Fix event constraints for ICL Greg Kroah-Hartman
` (440 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alviro Iskandar Setiawan,
Yazen Ghannam, Ammar Faizi, Borislav Petkov
From: Ammar Faizi <ammarfaizi2@gnuweeb.org>
commit e5f28623ceb103e13fc3d7bd45edf9818b227fd0 upstream.
In mce_threshold_create_device(), if threshold_create_bank() fails, the
previously allocated threshold banks array @bp will be leaked because
the call to mce_threshold_remove_device() will not free it.
This happens because mce_threshold_remove_device() fetches the pointer
through the threshold_banks per-CPU variable but bp is written there
only after the bank creation is successful, and not before, when
threshold_create_bank() fails.
Add a helper which unwinds all the bank creation work previously done
and pass into it the previously allocated threshold banks array for
freeing.
[ bp: Massage. ]
Fixes: 6458de97fc15 ("x86/mce/amd: Straighten CPU hotplug path")
Co-developed-by: Alviro Iskandar Setiawan <alviro.iskandar@gnuweeb.org>
Signed-off-by: Alviro Iskandar Setiawan <alviro.iskandar@gnuweeb.org>
Co-developed-by: Yazen Ghannam <yazen.ghannam@amd.com>
Signed-off-by: Yazen Ghannam <yazen.ghannam@amd.com>
Signed-off-by: Ammar Faizi <ammarfaizi2@gnuweeb.org>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20220329104705.65256-3-ammarfaizi2@gnuweeb.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kernel/cpu/mce/amd.c | 32 +++++++++++++++++++-------------
1 file changed, 19 insertions(+), 13 deletions(-)
--- a/arch/x86/kernel/cpu/mce/amd.c
+++ b/arch/x86/kernel/cpu/mce/amd.c
@@ -1457,10 +1457,23 @@ out_free:
kfree(bank);
}
+static void __threshold_remove_device(struct threshold_bank **bp)
+{
+ unsigned int bank, numbanks = this_cpu_read(mce_num_banks);
+
+ for (bank = 0; bank < numbanks; bank++) {
+ if (!bp[bank])
+ continue;
+
+ threshold_remove_bank(bp[bank]);
+ bp[bank] = NULL;
+ }
+ kfree(bp);
+}
+
int mce_threshold_remove_device(unsigned int cpu)
{
struct threshold_bank **bp = this_cpu_read(threshold_banks);
- unsigned int bank, numbanks = this_cpu_read(mce_num_banks);
if (!bp)
return 0;
@@ -1471,13 +1484,7 @@ int mce_threshold_remove_device(unsigned
*/
this_cpu_write(threshold_banks, NULL);
- for (bank = 0; bank < numbanks; bank++) {
- if (bp[bank]) {
- threshold_remove_bank(bp[bank]);
- bp[bank] = NULL;
- }
- }
- kfree(bp);
+ __threshold_remove_device(bp);
return 0;
}
@@ -1514,15 +1521,14 @@ int mce_threshold_create_device(unsigned
if (!(this_cpu_read(bank_map) & (1 << bank)))
continue;
err = threshold_create_bank(bp, cpu, bank);
- if (err)
- goto out_err;
+ if (err) {
+ __threshold_remove_device(bp);
+ return err;
+ }
}
this_cpu_write(threshold_banks, bp);
if (thresholding_irq_en)
mce_threshold_vector = amd_threshold_interrupt;
return 0;
-out_err:
- mce_threshold_remove_device(cpu);
- return err;
}
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 018/452] perf/x86/intel: Fix event constraints for ICL
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (16 preceding siblings ...)
2022-06-07 16:57 ` [PATCH 5.10 017/452] x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails Greg Kroah-Hartman
@ 2022-06-07 16:57 ` Greg Kroah-Hartman
2022-06-07 16:57 ` [PATCH 5.10 019/452] ptrace/um: Replace PT_DTRACE with TIF_SINGLESTEP Greg Kroah-Hartman
` (439 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kan Liang, Ingo Molnar, Peter Zijlstra
From: Kan Liang <kan.liang@linux.intel.com>
commit 86dca369075b3e310c3c0adb0f81e513c562b5e4 upstream.
According to the latest event list, the event encoding 0x55
INST_DECODED.DECODERS and 0x56 UOPS_DECODED.DEC0 are only available on
the first 4 counters. Add them into the event constraints table.
Fixes: 6017608936c1 ("perf/x86/intel: Add Icelake support")
Signed-off-by: Kan Liang <kan.liang@linux.intel.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Acked-by: Peter Zijlstra <peterz@infradead.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20220525133952.1660658-1-kan.liang@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/events/intel/core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/x86/events/intel/core.c
+++ b/arch/x86/events/intel/core.c
@@ -254,7 +254,7 @@ static struct event_constraint intel_icl
INTEL_EVENT_CONSTRAINT_RANGE(0x03, 0x0a, 0xf),
INTEL_EVENT_CONSTRAINT_RANGE(0x1f, 0x28, 0xf),
INTEL_EVENT_CONSTRAINT(0x32, 0xf), /* SW_PREFETCH_ACCESS.* */
- INTEL_EVENT_CONSTRAINT_RANGE(0x48, 0x54, 0xf),
+ INTEL_EVENT_CONSTRAINT_RANGE(0x48, 0x56, 0xf),
INTEL_EVENT_CONSTRAINT_RANGE(0x60, 0x8b, 0xf),
INTEL_UEVENT_CONSTRAINT(0x04a3, 0xff), /* CYCLE_ACTIVITY.STALLS_TOTAL */
INTEL_UEVENT_CONSTRAINT(0x10a3, 0xff), /* CYCLE_ACTIVITY.CYCLES_MEM_ANY */
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 019/452] ptrace/um: Replace PT_DTRACE with TIF_SINGLESTEP
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (17 preceding siblings ...)
2022-06-07 16:57 ` [PATCH 5.10 018/452] perf/x86/intel: Fix event constraints for ICL Greg Kroah-Hartman
@ 2022-06-07 16:57 ` Greg Kroah-Hartman
2022-06-07 16:57 ` [PATCH 5.10 020/452] ptrace/xtensa: Replace PT_SINGLESTEP " Greg Kroah-Hartman
` (438 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Johannes Berg, Kees Cook,
Oleg Nesterov, Eric W. Biederman
From: Eric W. Biederman <ebiederm@xmission.com>
commit c200e4bb44e80b343c09841e7caaaca0aac5e5fa upstream.
User mode linux is the last user of the PT_DTRACE flag. Using the flag to indicate
single stepping is a little confusing and worse changing tsk->ptrace without locking
could potentionally cause problems.
So use a thread info flag with a better name instead of flag in tsk->ptrace.
Remove the definition PT_DTRACE as uml is the last user.
Cc: stable@vger.kernel.org
Acked-by: Johannes Berg <johannes@sipsolutions.net>
Tested-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
Link: https://lkml.kernel.org/r/20220505182645.497868-3-ebiederm@xmission.com
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/um/include/asm/thread_info.h | 2 ++
arch/um/kernel/exec.c | 2 +-
arch/um/kernel/process.c | 2 +-
arch/um/kernel/ptrace.c | 8 ++++----
arch/um/kernel/signal.c | 4 ++--
include/linux/ptrace.h | 1 -
6 files changed, 10 insertions(+), 9 deletions(-)
--- a/arch/um/include/asm/thread_info.h
+++ b/arch/um/include/asm/thread_info.h
@@ -63,6 +63,7 @@ static inline struct thread_info *curren
#define TIF_RESTORE_SIGMASK 7
#define TIF_NOTIFY_RESUME 8
#define TIF_SECCOMP 9 /* secure computing */
+#define TIF_SINGLESTEP 10 /* single stepping userspace */
#define _TIF_SYSCALL_TRACE (1 << TIF_SYSCALL_TRACE)
#define _TIF_SIGPENDING (1 << TIF_SIGPENDING)
@@ -70,5 +71,6 @@ static inline struct thread_info *curren
#define _TIF_MEMDIE (1 << TIF_MEMDIE)
#define _TIF_SYSCALL_AUDIT (1 << TIF_SYSCALL_AUDIT)
#define _TIF_SECCOMP (1 << TIF_SECCOMP)
+#define _TIF_SINGLESTEP (1 << TIF_SINGLESTEP)
#endif
--- a/arch/um/kernel/exec.c
+++ b/arch/um/kernel/exec.c
@@ -44,7 +44,7 @@ void start_thread(struct pt_regs *regs,
{
PT_REGS_IP(regs) = eip;
PT_REGS_SP(regs) = esp;
- current->ptrace &= ~PT_DTRACE;
+ clear_thread_flag(TIF_SINGLESTEP);
#ifdef SUBARCH_EXECVE1
SUBARCH_EXECVE1(regs->regs);
#endif
--- a/arch/um/kernel/process.c
+++ b/arch/um/kernel/process.c
@@ -341,7 +341,7 @@ int singlestepping(void * t)
{
struct task_struct *task = t ? t : current;
- if (!(task->ptrace & PT_DTRACE))
+ if (!test_thread_flag(TIF_SINGLESTEP))
return 0;
if (task->thread.singlestep_syscall)
--- a/arch/um/kernel/ptrace.c
+++ b/arch/um/kernel/ptrace.c
@@ -12,7 +12,7 @@
void user_enable_single_step(struct task_struct *child)
{
- child->ptrace |= PT_DTRACE;
+ set_tsk_thread_flag(child, TIF_SINGLESTEP);
child->thread.singlestep_syscall = 0;
#ifdef SUBARCH_SET_SINGLESTEPPING
@@ -22,7 +22,7 @@ void user_enable_single_step(struct task
void user_disable_single_step(struct task_struct *child)
{
- child->ptrace &= ~PT_DTRACE;
+ clear_tsk_thread_flag(child, TIF_SINGLESTEP);
child->thread.singlestep_syscall = 0;
#ifdef SUBARCH_SET_SINGLESTEPPING
@@ -121,7 +121,7 @@ static void send_sigtrap(struct uml_pt_r
}
/*
- * XXX Check PT_DTRACE vs TIF_SINGLESTEP for singlestepping check and
+ * XXX Check TIF_SINGLESTEP for singlestepping check and
* PT_PTRACED vs TIF_SYSCALL_TRACE for syscall tracing check
*/
int syscall_trace_enter(struct pt_regs *regs)
@@ -145,7 +145,7 @@ void syscall_trace_leave(struct pt_regs
audit_syscall_exit(regs);
/* Fake a debug trap */
- if (ptraced & PT_DTRACE)
+ if (test_thread_flag(TIF_SINGLESTEP))
send_sigtrap(®s->regs, 0);
if (!test_thread_flag(TIF_SYSCALL_TRACE))
--- a/arch/um/kernel/signal.c
+++ b/arch/um/kernel/signal.c
@@ -53,7 +53,7 @@ static void handle_signal(struct ksignal
unsigned long sp;
int err;
- if ((current->ptrace & PT_DTRACE) && (current->ptrace & PT_PTRACED))
+ if (test_thread_flag(TIF_SINGLESTEP) && (current->ptrace & PT_PTRACED))
singlestep = 1;
/* Did we come from a system call? */
@@ -128,7 +128,7 @@ void do_signal(struct pt_regs *regs)
* on the host. The tracing thread will check this flag and
* PTRACE_SYSCALL if necessary.
*/
- if (current->ptrace & PT_DTRACE)
+ if (test_thread_flag(TIF_SINGLESTEP))
current->thread.singlestep_syscall =
is_syscall(PT_REGS_IP(¤t->thread.regs));
--- a/include/linux/ptrace.h
+++ b/include/linux/ptrace.h
@@ -30,7 +30,6 @@ extern int ptrace_access_vm(struct task_
#define PT_SEIZED 0x00010000 /* SEIZE used, enable new behavior */
#define PT_PTRACED 0x00000001
-#define PT_DTRACE 0x00000002 /* delayed trace (used on m68k, i386) */
#define PT_OPT_FLAG_SHIFT 3
/* PT_TRACE_* event enable flags */
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 020/452] ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (18 preceding siblings ...)
2022-06-07 16:57 ` [PATCH 5.10 019/452] ptrace/um: Replace PT_DTRACE with TIF_SINGLESTEP Greg Kroah-Hartman
@ 2022-06-07 16:57 ` Greg Kroah-Hartman
2022-06-07 16:57 ` [PATCH 5.10 021/452] ptrace: Reimplement PTRACE_KILL by always sending SIGKILL Greg Kroah-Hartman
` (437 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Max Filippov, Kees Cook,
Oleg Nesterov, Eric W. Biederman
From: Eric W. Biederman <ebiederm@xmission.com>
commit 4a3d2717d140401df7501a95e454180831a0c5af upstream.
xtensa is the last user of the PT_SINGLESTEP flag. Changing tsk->ptrace in
user_enable_single_step and user_disable_single_step without locking could
potentiallly cause problems.
So use a thread info flag instead of a flag in tsk->ptrace. Use TIF_SINGLESTEP
that xtensa already had defined but unused.
Remove the definitions of PT_SINGLESTEP and PT_BLOCKSTEP as they have no more users.
Cc: stable@vger.kernel.org
Acked-by: Max Filippov <jcmvbkbc@gmail.com>
Tested-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
Link: https://lkml.kernel.org/r/20220505182645.497868-4-ebiederm@xmission.com
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/xtensa/kernel/ptrace.c | 4 ++--
arch/xtensa/kernel/signal.c | 4 ++--
include/linux/ptrace.h | 6 ------
3 files changed, 4 insertions(+), 10 deletions(-)
--- a/arch/xtensa/kernel/ptrace.c
+++ b/arch/xtensa/kernel/ptrace.c
@@ -226,12 +226,12 @@ const struct user_regset_view *task_user
void user_enable_single_step(struct task_struct *child)
{
- child->ptrace |= PT_SINGLESTEP;
+ set_tsk_thread_flag(child, TIF_SINGLESTEP);
}
void user_disable_single_step(struct task_struct *child)
{
- child->ptrace &= ~PT_SINGLESTEP;
+ clear_tsk_thread_flag(child, TIF_SINGLESTEP);
}
/*
--- a/arch/xtensa/kernel/signal.c
+++ b/arch/xtensa/kernel/signal.c
@@ -465,7 +465,7 @@ static void do_signal(struct pt_regs *re
/* Set up the stack frame */
ret = setup_frame(&ksig, sigmask_to_save(), regs);
signal_setup_done(ret, &ksig, 0);
- if (current->ptrace & PT_SINGLESTEP)
+ if (test_thread_flag(TIF_SINGLESTEP))
task_pt_regs(current)->icountlevel = 1;
return;
@@ -491,7 +491,7 @@ static void do_signal(struct pt_regs *re
/* If there's no signal to deliver, we just restore the saved mask. */
restore_saved_sigmask();
- if (current->ptrace & PT_SINGLESTEP)
+ if (test_thread_flag(TIF_SINGLESTEP))
task_pt_regs(current)->icountlevel = 1;
return;
}
--- a/include/linux/ptrace.h
+++ b/include/linux/ptrace.h
@@ -46,12 +46,6 @@ extern int ptrace_access_vm(struct task_
#define PT_EXITKILL (PTRACE_O_EXITKILL << PT_OPT_FLAG_SHIFT)
#define PT_SUSPEND_SECCOMP (PTRACE_O_SUSPEND_SECCOMP << PT_OPT_FLAG_SHIFT)
-/* single stepping state bits (used on ARM and PA-RISC) */
-#define PT_SINGLESTEP_BIT 31
-#define PT_SINGLESTEP (1<<PT_SINGLESTEP_BIT)
-#define PT_BLOCKSTEP_BIT 30
-#define PT_BLOCKSTEP (1<<PT_BLOCKSTEP_BIT)
-
extern long arch_ptrace(struct task_struct *child, long request,
unsigned long addr, unsigned long data);
extern int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst, int len);
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 021/452] ptrace: Reimplement PTRACE_KILL by always sending SIGKILL
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (19 preceding siblings ...)
2022-06-07 16:57 ` [PATCH 5.10 020/452] ptrace/xtensa: Replace PT_SINGLESTEP " Greg Kroah-Hartman
@ 2022-06-07 16:57 ` Greg Kroah-Hartman
2022-06-07 16:57 ` [PATCH 5.10 022/452] btrfs: add "0x" prefix for unsupported optional features Greg Kroah-Hartman
` (436 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Al Viro, Kees Cook, Oleg Nesterov,
Eric W. Biederman
From: Eric W. Biederman <ebiederm@xmission.com>
commit 6a2d90ba027adba528509ffa27097cffd3879257 upstream.
The current implementation of PTRACE_KILL is buggy and has been for
many years as it assumes it's target has stopped in ptrace_stop. At a
quick skim it looks like this assumption has existed since ptrace
support was added in linux v1.0.
While PTRACE_KILL has been deprecated we can not remove it as
a quick search with google code search reveals many existing
programs calling it.
When the ptracee is not stopped at ptrace_stop some fields would be
set that are ignored except in ptrace_stop. Making the userspace
visible behavior of PTRACE_KILL a noop in those case.
As the usual rules are not obeyed it is not clear what the
consequences are of calling PTRACE_KILL on a running process.
Presumably userspace does not do this as it achieves nothing.
Replace the implementation of PTRACE_KILL with a simple
send_sig_info(SIGKILL) followed by a return 0. This changes the
observable user space behavior only in that PTRACE_KILL on a process
not stopped in ptrace_stop will also kill it. As that has always
been the intent of the code this seems like a reasonable change.
Cc: stable@vger.kernel.org
Reported-by: Al Viro <viro@zeniv.linux.org.uk>
Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
Tested-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
Link: https://lkml.kernel.org/r/20220505182645.497868-7-ebiederm@xmission.com
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kernel/step.c | 3 +--
kernel/ptrace.c | 5 ++---
2 files changed, 3 insertions(+), 5 deletions(-)
--- a/arch/x86/kernel/step.c
+++ b/arch/x86/kernel/step.c
@@ -175,8 +175,7 @@ void set_task_blockstep(struct task_stru
*
* NOTE: this means that set/clear TIF_BLOCKSTEP is only safe if
* task is current or it can't be running, otherwise we can race
- * with __switch_to_xtra(). We rely on ptrace_freeze_traced() but
- * PTRACE_KILL is not safe.
+ * with __switch_to_xtra(). We rely on ptrace_freeze_traced().
*/
local_irq_disable();
debugctl = get_debugctlmsr();
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
@@ -1219,9 +1219,8 @@ int ptrace_request(struct task_struct *c
return ptrace_resume(child, request, data);
case PTRACE_KILL:
- if (child->exit_state) /* already dead */
- return 0;
- return ptrace_resume(child, request, SIGKILL);
+ send_sig_info(SIGKILL, SEND_SIG_NOINFO, child);
+ return 0;
#ifdef CONFIG_HAVE_ARCH_TRACEHOOK
case PTRACE_GETREGSET:
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 022/452] btrfs: add "0x" prefix for unsupported optional features
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (20 preceding siblings ...)
2022-06-07 16:57 ` [PATCH 5.10 021/452] ptrace: Reimplement PTRACE_KILL by always sending SIGKILL Greg Kroah-Hartman
@ 2022-06-07 16:57 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 023/452] btrfs: repair super block num_devices automatically Greg Kroah-Hartman
` (435 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:57 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nikolay Borisov, Qu Wenruo, David Sterba
From: Qu Wenruo <wqu@suse.com>
commit d5321a0fa8bc49f11bea0b470800962c17d92d8f upstream.
The following error message lack the "0x" obviously:
cannot mount because of unsupported optional features (4000)
Add the prefix to make it less confusing. This can happen on older
kernels that try to mount a filesystem with newer features so it makes
sense to backport to older trees.
CC: stable@vger.kernel.org # 4.14+
Reviewed-by: Nikolay Borisov <nborisov@suse.com>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/disk-io.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/fs/btrfs/disk-io.c
+++ b/fs/btrfs/disk-io.c
@@ -3061,7 +3061,7 @@ int __cold open_ctree(struct super_block
~BTRFS_FEATURE_INCOMPAT_SUPP;
if (features) {
btrfs_err(fs_info,
- "cannot mount because of unsupported optional features (%llx)",
+ "cannot mount because of unsupported optional features (0x%llx)",
features);
err = -EINVAL;
goto fail_alloc;
@@ -3099,7 +3099,7 @@ int __cold open_ctree(struct super_block
~BTRFS_FEATURE_COMPAT_RO_SUPP;
if (!sb_rdonly(sb) && features) {
btrfs_err(fs_info,
- "cannot mount read-write because of unsupported optional features (%llx)",
+ "cannot mount read-write because of unsupported optional features (0x%llx)",
features);
err = -EINVAL;
goto fail_alloc;
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 023/452] btrfs: repair super block num_devices automatically
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (21 preceding siblings ...)
2022-06-07 16:57 ` [PATCH 5.10 022/452] btrfs: add "0x" prefix for unsupported optional features Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 024/452] iommu/vt-d: Add RPLS to quirk list to skip TE disabling Greg Kroah-Hartman
` (434 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Luca Béla Palkovics, Qu Wenruo,
David Sterba
From: Qu Wenruo <wqu@suse.com>
commit d201238ccd2f30b9bfcfadaeae0972e3a486a176 upstream.
[BUG]
There is a report that a btrfs has a bad super block num devices.
This makes btrfs to reject the fs completely.
BTRFS error (device sdd3): super_num_devices 3 mismatch with num_devices 2 found here
BTRFS error (device sdd3): failed to read chunk tree: -22
BTRFS error (device sdd3): open_ctree failed
[CAUSE]
During btrfs device removal, chunk tree and super block num devs are
updated in two different transactions:
btrfs_rm_device()
|- btrfs_rm_dev_item(device)
| |- trans = btrfs_start_transaction()
| | Now we got transaction X
| |
| |- btrfs_del_item()
| | Now device item is removed from chunk tree
| |
| |- btrfs_commit_transaction()
| Transaction X got committed, super num devs untouched,
| but device item removed from chunk tree.
| (AKA, super num devs is already incorrect)
|
|- cur_devices->num_devices--;
|- cur_devices->total_devices--;
|- btrfs_set_super_num_devices()
All those operations are not in transaction X, thus it will
only be written back to disk in next transaction.
So after the transaction X in btrfs_rm_dev_item() committed, but before
transaction X+1 (which can be minutes away), a power loss happen, then
we got the super num mismatch.
This has been fixed by commit bbac58698a55 ("btrfs: remove device item
and update super block in the same transaction").
[FIX]
Make the super_num_devices check less strict, converting it from a hard
error to a warning, and reset the value to a correct one for the current
or next transaction commit.
As the number of device items is the critical information where the
super block num_devices is only a cached value (and also useful for
cross checking), it's safe to automatically update it. Other device
related problems like missing device are handled after that and may
require other means to resolve, like degraded mount. With this fix,
potentially affected filesystems won't fail mount and require the manual
repair by btrfs check.
Reported-by: Luca Béla Palkovics <luca.bela.palkovics@gmail.com>
Link: https://lore.kernel.org/linux-btrfs/CA+8xDSpvdm_U0QLBAnrH=zqDq_cWCOH5TiV46CKmp3igr44okQ@mail.gmail.com/
CC: stable@vger.kernel.org # 4.14+
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/volumes.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/fs/btrfs/volumes.c
+++ b/fs/btrfs/volumes.c
@@ -7191,12 +7191,12 @@ int btrfs_read_chunk_tree(struct btrfs_f
* do another round of validation checks.
*/
if (total_dev != fs_info->fs_devices->total_devices) {
- btrfs_err(fs_info,
- "super_num_devices %llu mismatch with num_devices %llu found here",
+ btrfs_warn(fs_info,
+"super block num_devices %llu mismatch with DEV_ITEM count %llu, will be repaired on next transaction commit",
btrfs_super_num_devices(fs_info->super_copy),
total_dev);
- ret = -EINVAL;
- goto error;
+ fs_info->fs_devices->total_devices = total_dev;
+ btrfs_set_super_num_devices(fs_info->super_copy, total_dev);
}
if (btrfs_super_total_bytes(fs_info->super_copy) <
fs_info->fs_devices->total_rw_bytes) {
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 024/452] iommu/vt-d: Add RPLS to quirk list to skip TE disabling
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (22 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 023/452] btrfs: repair super block num_devices automatically Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 025/452] drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes Greg Kroah-Hartman
` (433 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Raviteja Goud Talla, Rodrigo Vivi,
Lu Baolu, Tejas Upadhyay, Sasha Levin
From: Tejas Upadhyay <tejaskumarx.surendrakumar.upadhyay@intel.com>
[ Upstream commit 0a967f5bfd9134b89681cae58deb222e20840e76 ]
The VT-d spec requires (10.4.4 Global Command Register, TE
field) that:
Hardware implementations supporting DMA draining must drain
any in-flight DMA read/write requests queued within the
Root-Complex before completing the translation enable
command and reflecting the status of the command through
the TES field in the Global Status register.
Unfortunately, some integrated graphic devices fail to do
so after some kind of power state transition. As the
result, the system might stuck in iommu_disable_translati
on(), waiting for the completion of TE transition.
This adds RPLS to a quirk list for those devices and skips
TE disabling if the qurik hits.
Link: https://gitlab.freedesktop.org/drm/intel/-/issues/4898
Tested-by: Raviteja Goud Talla <ravitejax.goud.talla@intel.com>
Cc: Rodrigo Vivi <rodrigo.vivi@intel.com>
Acked-by: Lu Baolu <baolu.lu@linux.intel.com>
Signed-off-by: Tejas Upadhyay <tejaskumarx.surendrakumar.upadhyay@intel.com>
Reviewed-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20220302043256.191529-1-tejaskumarx.surendrakumar.upadhyay@intel.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iommu/intel/iommu.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c
index 21749859ad45..477dde39823c 100644
--- a/drivers/iommu/intel/iommu.c
+++ b/drivers/iommu/intel/iommu.c
@@ -6296,7 +6296,7 @@ static void quirk_igfx_skip_te_disable(struct pci_dev *dev)
ver = (dev->device >> 8) & 0xff;
if (ver != 0x45 && ver != 0x46 && ver != 0x4c &&
ver != 0x4e && ver != 0x8a && ver != 0x98 &&
- ver != 0x9a)
+ ver != 0x9a && ver != 0xa7)
return;
if (risky_device(dev))
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 025/452] drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (23 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 024/452] iommu/vt-d: Add RPLS to quirk list to skip TE disabling Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 026/452] selftests/bpf: Fix vfs_link kprobe definition Greg Kroah-Hartman
` (432 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liu Zixian, Gerd Hoffmann, Sasha Levin
From: Liu Zixian <liuzixian4@huawei.com>
[ Upstream commit 194d250cdc4a40ccbd179afd522a9e9846957402 ]
drm_cvt_mode may return NULL and we should check it.
This bug is found by syzkaller:
FAULT_INJECTION stacktrace:
[ 168.567394] FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 1
[ 168.567403] CPU: 1 PID: 6425 Comm: syz Kdump: loaded Not tainted 4.19.90-vhulk2201.1.0.h1035.kasan.eulerosv2r10.aarch64 #1
[ 168.567406] Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015
[ 168.567408] Call trace:
[ 168.567414] dump_backtrace+0x0/0x310
[ 168.567418] show_stack+0x28/0x38
[ 168.567423] dump_stack+0xec/0x15c
[ 168.567427] should_fail+0x3ac/0x3d0
[ 168.567437] __should_failslab+0xb8/0x120
[ 168.567441] should_failslab+0x28/0xc0
[ 168.567445] kmem_cache_alloc_trace+0x50/0x640
[ 168.567454] drm_mode_create+0x40/0x90
[ 168.567458] drm_cvt_mode+0x48/0xc78
[ 168.567477] virtio_gpu_conn_get_modes+0xa8/0x140 [virtio_gpu]
[ 168.567485] drm_helper_probe_single_connector_modes+0x3a4/0xd80
[ 168.567492] drm_mode_getconnector+0x2e0/0xa70
[ 168.567496] drm_ioctl_kernel+0x11c/0x1d8
[ 168.567514] drm_ioctl+0x558/0x6d0
[ 168.567522] do_vfs_ioctl+0x160/0xf30
[ 168.567525] ksys_ioctl+0x98/0xd8
[ 168.567530] __arm64_sys_ioctl+0x50/0xc8
[ 168.567536] el0_svc_common+0xc8/0x320
[ 168.567540] el0_svc_handler+0xf8/0x160
[ 168.567544] el0_svc+0x10/0x218
KASAN stacktrace:
[ 168.567561] BUG: KASAN: null-ptr-deref in virtio_gpu_conn_get_modes+0xb4/0x140 [virtio_gpu]
[ 168.567565] Read of size 4 at addr 0000000000000054 by task syz/6425
[ 168.567566]
[ 168.567571] CPU: 1 PID: 6425 Comm: syz Kdump: loaded Not tainted 4.19.90-vhulk2201.1.0.h1035.kasan.eulerosv2r10.aarch64 #1
[ 168.567573] Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015
[ 168.567575] Call trace:
[ 168.567578] dump_backtrace+0x0/0x310
[ 168.567582] show_stack+0x28/0x38
[ 168.567586] dump_stack+0xec/0x15c
[ 168.567591] kasan_report+0x244/0x2f0
[ 168.567594] __asan_load4+0x58/0xb0
[ 168.567607] virtio_gpu_conn_get_modes+0xb4/0x140 [virtio_gpu]
[ 168.567612] drm_helper_probe_single_connector_modes+0x3a4/0xd80
[ 168.567617] drm_mode_getconnector+0x2e0/0xa70
[ 168.567621] drm_ioctl_kernel+0x11c/0x1d8
[ 168.567624] drm_ioctl+0x558/0x6d0
[ 168.567628] do_vfs_ioctl+0x160/0xf30
[ 168.567632] ksys_ioctl+0x98/0xd8
[ 168.567636] __arm64_sys_ioctl+0x50/0xc8
[ 168.567641] el0_svc_common+0xc8/0x320
[ 168.567645] el0_svc_handler+0xf8/0x160
[ 168.567649] el0_svc+0x10/0x218
Signed-off-by: Liu Zixian <liuzixian4@huawei.com>
Link: http://patchwork.freedesktop.org/patch/msgid/20220322091730.1653-1-liuzixian4@huawei.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/virtio/virtgpu_display.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/gpu/drm/virtio/virtgpu_display.c b/drivers/gpu/drm/virtio/virtgpu_display.c
index f84b7e61311b..9b2b99e85342 100644
--- a/drivers/gpu/drm/virtio/virtgpu_display.c
+++ b/drivers/gpu/drm/virtio/virtgpu_display.c
@@ -177,6 +177,8 @@ static int virtio_gpu_conn_get_modes(struct drm_connector *connector)
DRM_DEBUG("add mode: %dx%d\n", width, height);
mode = drm_cvt_mode(connector->dev, width, height, 60,
false, false, false);
+ if (!mode)
+ return count;
mode->type |= DRM_MODE_TYPE_PREFERRED;
drm_mode_probed_add(connector, mode);
count++;
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 026/452] selftests/bpf: Fix vfs_link kprobe definition
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (24 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 025/452] drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-08 11:38 ` Pavel Machek
2022-06-07 16:58 ` [PATCH 5.10 027/452] mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue Greg Kroah-Hartman
` (431 subsequent siblings)
457 siblings, 1 reply; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nikolay Borisov, Andrii Nakryiko,
Sasha Levin
From: Nikolay Borisov <nborisov@suse.com>
[ Upstream commit e299bcd4d16ff86f46c48df1062c8aae0eca1ed8 ]
Since commit 6521f8917082 ("namei: prepare for idmapped mounts")
vfs_link's prototype was changed, the kprobe definition in
profiler selftest in turn wasn't updated. The result is that all
argument after the first are now stored in different registers. This
means that self-test has been broken ever since. Fix it by updating the
kprobe definition accordingly.
Signed-off-by: Nikolay Borisov <nborisov@suse.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/bpf/20220331140949.1410056-1-nborisov@suse.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/bpf/progs/profiler.inc.h | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/tools/testing/selftests/bpf/progs/profiler.inc.h b/tools/testing/selftests/bpf/progs/profiler.inc.h
index 4896fdf816f7..92331053dba3 100644
--- a/tools/testing/selftests/bpf/progs/profiler.inc.h
+++ b/tools/testing/selftests/bpf/progs/profiler.inc.h
@@ -826,8 +826,9 @@ int kprobe_ret__do_filp_open(struct pt_regs* ctx)
SEC("kprobe/vfs_link")
int BPF_KPROBE(kprobe__vfs_link,
- struct dentry* old_dentry, struct inode* dir,
- struct dentry* new_dentry, struct inode** delegated_inode)
+ struct dentry* old_dentry, struct user_namespace *mnt_userns,
+ struct inode* dir, struct dentry* new_dentry,
+ struct inode** delegated_inode)
{
struct bpf_func_stats_ctx stats_ctx;
bpf_stats_enter(&stats_ctx, profiler_bpf_vfs_link);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 027/452] mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (25 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 026/452] selftests/bpf: Fix vfs_link kprobe definition Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 028/452] b43legacy: Fix assigning negative value to unsigned variable Greg Kroah-Hartman
` (430 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Brian Norris, Niels Dossche,
Kalle Valo, Sasha Levin
From: Niels Dossche <dossche.niels@gmail.com>
[ Upstream commit 3e12968f6d12a34b540c39cbd696a760cc4616f0 ]
cfg80211_ch_switch_notify uses ASSERT_WDEV_LOCK to assert that
net_device->ieee80211_ptr->mtx (which is the same as priv->wdev.mtx)
is held during the function's execution.
mwifiex_dfs_chan_sw_work_queue is one of its callers, which does not
hold that lock, therefore violating the assertion.
Add a lock around the call.
Disclaimer:
I am currently working on a static analyser to detect missing locks.
This was a reported case. I manually verified the report by looking
at the code, so that I do not send wrong information or patches.
After concluding that this seems to be a true positive, I created
this patch.
However, as I do not in fact have this particular hardware,
I was unable to test it.
Reviewed-by: Brian Norris <briannorris@chromium.org>
Signed-off-by: Niels Dossche <dossche.niels@gmail.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220321225515.32113-1-dossche.niels@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/marvell/mwifiex/11h.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/net/wireless/marvell/mwifiex/11h.c b/drivers/net/wireless/marvell/mwifiex/11h.c
index d2ee6469e67b..3fa25cd64cda 100644
--- a/drivers/net/wireless/marvell/mwifiex/11h.c
+++ b/drivers/net/wireless/marvell/mwifiex/11h.c
@@ -303,5 +303,7 @@ void mwifiex_dfs_chan_sw_work_queue(struct work_struct *work)
mwifiex_dbg(priv->adapter, MSG,
"indicating channel switch completion to kernel\n");
+ mutex_lock(&priv->wdev.mtx);
cfg80211_ch_switch_notify(priv->netdev, &priv->dfs_chandef);
+ mutex_unlock(&priv->wdev.mtx);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 028/452] b43legacy: Fix assigning negative value to unsigned variable
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (26 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 027/452] mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 029/452] b43: " Greg Kroah-Hartman
` (429 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Haowen Bai, Kalle Valo, Sasha Levin
From: Haowen Bai <baihaowen@meizu.com>
[ Upstream commit 3f6b867559b3d43a7ce1b4799b755e812fc0d503 ]
fix warning reported by smatch:
drivers/net/wireless/broadcom/b43legacy/phy.c:1181 b43legacy_phy_lo_b_measure()
warn: assigning (-772) to unsigned variable 'fval'
Signed-off-by: Haowen Bai <baihaowen@meizu.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/1648203433-8736-1-git-send-email-baihaowen@meizu.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/broadcom/b43legacy/phy.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/broadcom/b43legacy/phy.c b/drivers/net/wireless/broadcom/b43legacy/phy.c
index 05404fbd1e70..c1395e622759 100644
--- a/drivers/net/wireless/broadcom/b43legacy/phy.c
+++ b/drivers/net/wireless/broadcom/b43legacy/phy.c
@@ -1123,7 +1123,7 @@ void b43legacy_phy_lo_b_measure(struct b43legacy_wldev *dev)
struct b43legacy_phy *phy = &dev->phy;
u16 regstack[12] = { 0 };
u16 mls;
- u16 fval;
+ s16 fval;
int i;
int j;
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 029/452] b43: Fix assigning negative value to unsigned variable
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (27 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 028/452] b43legacy: Fix assigning negative value to unsigned variable Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 030/452] ipw2x00: Fix potential NULL dereference in libipw_xmit() Greg Kroah-Hartman
` (428 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Haowen Bai, Kalle Valo, Sasha Levin
From: Haowen Bai <baihaowen@meizu.com>
[ Upstream commit 11800d893b38e0e12d636c170c1abc19c43c730c ]
fix warning reported by smatch:
drivers/net/wireless/broadcom/b43/phy_n.c:585 b43_nphy_adjust_lna_gain_table()
warn: assigning (-2) to unsigned variable '*(lna_gain[0])'
Signed-off-by: Haowen Bai <baihaowen@meizu.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/1648203315-28093-1-git-send-email-baihaowen@meizu.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/broadcom/b43/phy_n.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/broadcom/b43/phy_n.c b/drivers/net/wireless/broadcom/b43/phy_n.c
index 665b737fbb0d..39975b7d1a16 100644
--- a/drivers/net/wireless/broadcom/b43/phy_n.c
+++ b/drivers/net/wireless/broadcom/b43/phy_n.c
@@ -582,7 +582,7 @@ static void b43_nphy_adjust_lna_gain_table(struct b43_wldev *dev)
u16 data[4];
s16 gain[2];
u16 minmax[2];
- static const u16 lna_gain[4] = { -2, 10, 19, 25 };
+ static const s16 lna_gain[4] = { -2, 10, 19, 25 };
if (nphy->hang_avoid)
b43_nphy_stay_in_carrier_search(dev, 1);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 030/452] ipw2x00: Fix potential NULL dereference in libipw_xmit()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (28 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 029/452] b43: " Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 031/452] ipv6: fix locking issues with loops over idev->addr_list Greg Kroah-Hartman
` (427 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Haowen Bai, Kalle Valo, Sasha Levin
From: Haowen Bai <baihaowen@meizu.com>
[ Upstream commit e8366bbabe1d207cf7c5b11ae50e223ae6fc278b ]
crypt and crypt->ops could be null, so we need to checking null
before dereference
Signed-off-by: Haowen Bai <baihaowen@meizu.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/1648797055-25730-1-git-send-email-baihaowen@meizu.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/intel/ipw2x00/libipw_tx.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/intel/ipw2x00/libipw_tx.c b/drivers/net/wireless/intel/ipw2x00/libipw_tx.c
index d9baa2fa603b..e4c60caa6543 100644
--- a/drivers/net/wireless/intel/ipw2x00/libipw_tx.c
+++ b/drivers/net/wireless/intel/ipw2x00/libipw_tx.c
@@ -383,7 +383,7 @@ netdev_tx_t libipw_xmit(struct sk_buff *skb, struct net_device *dev)
/* Each fragment may need to have room for encryption
* pre/postfix */
- if (host_encrypt)
+ if (host_encrypt && crypt && crypt->ops)
bytes_per_frag -= crypt->ops->extra_mpdu_prefix_len +
crypt->ops->extra_mpdu_postfix_len;
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 031/452] ipv6: fix locking issues with loops over idev->addr_list
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (29 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 030/452] ipw2x00: Fix potential NULL dereference in libipw_xmit() Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 032/452] fbcon: Consistently protect deferred_takeover with console_lock() Greg Kroah-Hartman
` (426 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Paolo Abeni, Niels Dossche,
Jakub Kicinski, Sasha Levin
From: Niels Dossche <dossche.niels@gmail.com>
[ Upstream commit 51454ea42c1ab4e0c2828bb0d4d53957976980de ]
idev->addr_list needs to be protected by idev->lock. However, it is not
always possible to do so while iterating and performing actions on
inet6_ifaddr instances. For example, multiple functions (like
addrconf_{join,leave}_anycast) eventually call down to other functions
that acquire the idev->lock. The current code temporarily unlocked the
idev->lock during the loops, which can cause race conditions. Moving the
locks up is also not an appropriate solution as the ordering of lock
acquisition will be inconsistent with for example mc_lock.
This solution adds an additional field to inet6_ifaddr that is used
to temporarily add the instances to a temporary list while holding
idev->lock. The temporary list can then be traversed without holding
idev->lock. This change was done in two places. In addrconf_ifdown, the
list_for_each_entry_safe variant of the list loop is also no longer
necessary as there is no deletion within that specific loop.
Suggested-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Niels Dossche <dossche.niels@gmail.com>
Acked-by: Paolo Abeni <pabeni@redhat.com>
Link: https://lore.kernel.org/r/20220403231523.45843-1-dossche.niels@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/net/if_inet6.h | 8 ++++++++
net/ipv6/addrconf.c | 30 ++++++++++++++++++++++++------
2 files changed, 32 insertions(+), 6 deletions(-)
diff --git a/include/net/if_inet6.h b/include/net/if_inet6.h
index 8bf5906073bc..e03ba8e80781 100644
--- a/include/net/if_inet6.h
+++ b/include/net/if_inet6.h
@@ -64,6 +64,14 @@ struct inet6_ifaddr {
struct hlist_node addr_lst;
struct list_head if_list;
+ /*
+ * Used to safely traverse idev->addr_list in process context
+ * if the idev->lock needed to protect idev->addr_list cannot be held.
+ * In that case, add the items to this list temporarily and iterate
+ * without holding idev->lock.
+ * See addrconf_ifdown and dev_forward_change.
+ */
+ struct list_head if_list_aux;
struct list_head tmp_list;
struct inet6_ifaddr *ifpub;
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 86bcb1825698..4584bb50960b 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -789,6 +789,7 @@ static void dev_forward_change(struct inet6_dev *idev)
{
struct net_device *dev;
struct inet6_ifaddr *ifa;
+ LIST_HEAD(tmp_addr_list);
if (!idev)
return;
@@ -807,14 +808,24 @@ static void dev_forward_change(struct inet6_dev *idev)
}
}
+ read_lock_bh(&idev->lock);
list_for_each_entry(ifa, &idev->addr_list, if_list) {
if (ifa->flags&IFA_F_TENTATIVE)
continue;
+ list_add_tail(&ifa->if_list_aux, &tmp_addr_list);
+ }
+ read_unlock_bh(&idev->lock);
+
+ while (!list_empty(&tmp_addr_list)) {
+ ifa = list_first_entry(&tmp_addr_list,
+ struct inet6_ifaddr, if_list_aux);
+ list_del(&ifa->if_list_aux);
if (idev->cnf.forwarding)
addrconf_join_anycast(ifa);
else
addrconf_leave_anycast(ifa);
}
+
inet6_netconf_notify_devconf(dev_net(dev), RTM_NEWNETCONF,
NETCONFA_FORWARDING,
dev->ifindex, &idev->cnf);
@@ -3710,7 +3721,8 @@ static int addrconf_ifdown(struct net_device *dev, bool unregister)
unsigned long event = unregister ? NETDEV_UNREGISTER : NETDEV_DOWN;
struct net *net = dev_net(dev);
struct inet6_dev *idev;
- struct inet6_ifaddr *ifa, *tmp;
+ struct inet6_ifaddr *ifa;
+ LIST_HEAD(tmp_addr_list);
bool keep_addr = false;
bool was_ready;
int state, i;
@@ -3802,16 +3814,23 @@ static int addrconf_ifdown(struct net_device *dev, bool unregister)
write_lock_bh(&idev->lock);
}
- list_for_each_entry_safe(ifa, tmp, &idev->addr_list, if_list) {
+ list_for_each_entry(ifa, &idev->addr_list, if_list)
+ list_add_tail(&ifa->if_list_aux, &tmp_addr_list);
+ write_unlock_bh(&idev->lock);
+
+ while (!list_empty(&tmp_addr_list)) {
struct fib6_info *rt = NULL;
bool keep;
+ ifa = list_first_entry(&tmp_addr_list,
+ struct inet6_ifaddr, if_list_aux);
+ list_del(&ifa->if_list_aux);
+
addrconf_del_dad_work(ifa);
keep = keep_addr && (ifa->flags & IFA_F_PERMANENT) &&
!addr_is_local(&ifa->addr);
- write_unlock_bh(&idev->lock);
spin_lock_bh(&ifa->lock);
if (keep) {
@@ -3842,15 +3861,14 @@ static int addrconf_ifdown(struct net_device *dev, bool unregister)
addrconf_leave_solict(ifa->idev, &ifa->addr);
}
- write_lock_bh(&idev->lock);
if (!keep) {
+ write_lock_bh(&idev->lock);
list_del_rcu(&ifa->if_list);
+ write_unlock_bh(&idev->lock);
in6_ifa_put(ifa);
}
}
- write_unlock_bh(&idev->lock);
-
/* Step 5: Discard anycast and multicast list */
if (unregister) {
ipv6_ac_destroy_dev(idev);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 032/452] fbcon: Consistently protect deferred_takeover with console_lock()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (30 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 031/452] ipv6: fix locking issues with loops over idev->addr_list Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 033/452] x86/platform/uv: Update TSC sync state for UV5 Greg Kroah-Hartman
` (425 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sam Ravnborg, Daniel Vetter,
Daniel Vetter, Du Cheng, Tetsuo Handa, Claudio Suarez,
Thomas Zimmermann, Sasha Levin
From: Daniel Vetter <daniel.vetter@ffwll.ch>
[ Upstream commit 43553559121ca90965b572cf8a1d6d0fd618b449 ]
This shouldn't be a problem in practice since until we've actually
taken over the console there's nothing we've registered with the
console/vt subsystem, so the exit/unbind path that check this can't
do the wrong thing. But it's confusing, so fix it by moving it a tad
later.
Acked-by: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
Cc: Daniel Vetter <daniel@ffwll.ch>
Cc: Du Cheng <ducheng2@gmail.com>
Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc: Claudio Suarez <cssk@net-c.es>
Cc: Thomas Zimmermann <tzimmermann@suse.de>
Link: https://patchwork.freedesktop.org/patch/msgid/20220405210335.3434130-14-daniel.vetter@ffwll.ch
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/video/fbdev/core/fbcon.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/video/fbdev/core/fbcon.c b/drivers/video/fbdev/core/fbcon.c
index f102519ccefb..13de2bebb09a 100644
--- a/drivers/video/fbdev/core/fbcon.c
+++ b/drivers/video/fbdev/core/fbcon.c
@@ -3300,6 +3300,9 @@ static void fbcon_register_existing_fbs(struct work_struct *work)
console_lock();
+ deferred_takeover = false;
+ logo_shown = FBCON_LOGO_DONTSHOW;
+
for_each_registered_fb(i)
fbcon_fb_registered(registered_fb[i]);
@@ -3317,8 +3320,6 @@ static int fbcon_output_notifier(struct notifier_block *nb,
pr_info("fbcon: Taking over console\n");
dummycon_unregister_output_notifier(&fbcon_output_nb);
- deferred_takeover = false;
- logo_shown = FBCON_LOGO_DONTSHOW;
/* We may get called in atomic context */
schedule_work(&fbcon_deferred_takeover_work);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 033/452] x86/platform/uv: Update TSC sync state for UV5
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (31 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 032/452] fbcon: Consistently protect deferred_takeover with console_lock() Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 034/452] ACPICA: Avoid cache flush inside virtual machines Greg Kroah-Hartman
` (424 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mike Travis, Steve Wahl,
Borislav Petkov, Dimitri Sivanich, Thomas Gleixner, Sasha Levin
From: Mike Travis <mike.travis@hpe.com>
[ Upstream commit bb3ab81bdbd53f88f26ffabc9fb15bd8466486ec ]
The UV5 platform synchronizes the TSCs among all chassis, and will not
proceed to OS boot without achieving synchronization. Previous UV
platforms provided a register indicating successful synchronization.
This is no longer available on UV5. On this platform TSC_ADJUST
should not be reset by the kernel.
Signed-off-by: Mike Travis <mike.travis@hpe.com>
Signed-off-by: Steve Wahl <steve.wahl@hpe.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Dimitri Sivanich <dimitri.sivanich@hpe.com>
Acked-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://lore.kernel.org/r/20220406195149.228164-3-steve.wahl@hpe.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kernel/apic/x2apic_uv_x.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kernel/apic/x2apic_uv_x.c b/arch/x86/kernel/apic/x2apic_uv_x.c
index 40f466de8924..9c283562dfd4 100644
--- a/arch/x86/kernel/apic/x2apic_uv_x.c
+++ b/arch/x86/kernel/apic/x2apic_uv_x.c
@@ -199,7 +199,13 @@ static void __init uv_tsc_check_sync(void)
int mmr_shift;
char *state;
- /* Different returns from different UV BIOS versions */
+ /* UV5 guarantees synced TSCs; do not zero TSC_ADJUST */
+ if (!is_uv(UV2|UV3|UV4)) {
+ mark_tsc_async_resets("UV5+");
+ return;
+ }
+
+ /* UV2,3,4, UV BIOS TSC sync state available */
mmr = uv_early_read_mmr(UVH_TSC_SYNC_MMR);
mmr_shift =
is_uv2_hub() ? UVH_TSC_SYNC_SHIFT_UV2K : UVH_TSC_SYNC_SHIFT;
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 034/452] ACPICA: Avoid cache flush inside virtual machines
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (32 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 033/452] x86/platform/uv: Update TSC sync state for UV5 Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 035/452] drm/komeda: return early if drm_universal_plane_init() fails Greg Kroah-Hartman
` (423 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kirill A. Shutemov, Dave Hansen,
Dan Williams, Thomas Gleixner, Sasha Levin
From: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
[ Upstream commit e2efb6359e620521d1e13f69b2257de8ceaa9475 ]
While running inside virtual machine, the kernel can bypass cache
flushing. Changing sleep state in a virtual machine doesn't affect the
host system sleep state and cannot lead to data loss.
Before entering sleep states, the ACPI code flushes caches to prevent
data loss using the WBINVD instruction. This mechanism is required on
bare metal.
But, any use WBINVD inside of a guest is worthless. Changing sleep
state in a virtual machine doesn't affect the host system sleep state
and cannot lead to data loss, so most hypervisors simply ignore it.
Despite this, the ACPI code calls WBINVD unconditionally anyway.
It's useless, but also normally harmless.
In TDX guests, though, WBINVD stops being harmless; it triggers a
virtualization exception (#VE). If the ACPI cache-flushing WBINVD
were left in place, TDX guests would need handling to recover from
the exception.
Avoid using WBINVD whenever running under a hypervisor. This both
removes the useless WBINVDs and saves TDX from implementing WBINVD
handling.
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Dan Williams <dan.j.williams@intel.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://lkml.kernel.org/r/20220405232939.73860-30-kirill.shutemov@linux.intel.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/include/asm/acenv.h | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/arch/x86/include/asm/acenv.h b/arch/x86/include/asm/acenv.h
index 9aff97f0de7f..d937c55e717e 100644
--- a/arch/x86/include/asm/acenv.h
+++ b/arch/x86/include/asm/acenv.h
@@ -13,7 +13,19 @@
/* Asm macros */
-#define ACPI_FLUSH_CPU_CACHE() wbinvd()
+/*
+ * ACPI_FLUSH_CPU_CACHE() flushes caches on entering sleep states.
+ * It is required to prevent data loss.
+ *
+ * While running inside virtual machine, the kernel can bypass cache flushing.
+ * Changing sleep state in a virtual machine doesn't affect the host system
+ * sleep state and cannot lead to data loss.
+ */
+#define ACPI_FLUSH_CPU_CACHE() \
+do { \
+ if (!cpu_feature_enabled(X86_FEATURE_HYPERVISOR)) \
+ wbinvd(); \
+} while (0)
int __acpi_acquire_global_lock(unsigned int *lock);
int __acpi_release_global_lock(unsigned int *lock);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 035/452] drm/komeda: return early if drm_universal_plane_init() fails.
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (33 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 034/452] ACPICA: Avoid cache flush inside virtual machines Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 036/452] rcu-tasks: Fix race in schedule and flush work Greg Kroah-Hartman
` (422 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Steven Price, Liviu Dudau, Sasha Levin
From: Liviu Dudau <liviu.dudau@arm.com>
[ Upstream commit c8f76c37cc3668ee45e081e76a15f24a352ebbdd ]
If drm_universal_plane_init() fails early we jump to the common cleanup code
that calls komeda_plane_destroy() which in turn could access the uninitalised
drm_plane and crash. Return early if an error is detected without going through
the common code.
Reported-by: Steven Price <steven.price@arm.com>
Reviewed-by: Steven Price <steven.price@arm.com>
Signed-off-by: Liviu Dudau <liviu.dudau@arm.com>
Link: https://lore.kernel.org/dri-devel/20211203100946.2706922-1-liviu.dudau@arm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/arm/display/komeda/komeda_plane.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/arm/display/komeda/komeda_plane.c b/drivers/gpu/drm/arm/display/komeda/komeda_plane.c
index 98e915e325dd..a5f57b38d193 100644
--- a/drivers/gpu/drm/arm/display/komeda/komeda_plane.c
+++ b/drivers/gpu/drm/arm/display/komeda/komeda_plane.c
@@ -274,8 +274,10 @@ static int komeda_plane_add(struct komeda_kms_dev *kms,
komeda_put_fourcc_list(formats);
- if (err)
- goto cleanup;
+ if (err) {
+ kfree(kplane);
+ return err;
+ }
drm_plane_helper_add(plane, &komeda_plane_helper_funcs);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 036/452] rcu-tasks: Fix race in schedule and flush work
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (34 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 035/452] drm/komeda: return early if drm_universal_plane_init() fails Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 037/452] rcu: Make TASKS_RUDE_RCU select IRQ_WORK Greg Kroah-Hartman
` (421 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Paul E. McKenney,
Padmanabha Srinivasaiah, Sasha Levin
From: Padmanabha Srinivasaiah <treasure4paddy@gmail.com>
[ Upstream commit f75fd4b9221d93177c50dcfde671b2e907f53e86 ]
While booting secondary CPUs, cpus_read_[lock/unlock] is not keeping
online cpumask stable. The transient online mask results in below
calltrace.
[ 0.324121] CPU1: Booted secondary processor 0x0000000001 [0x410fd083]
[ 0.346652] Detected PIPT I-cache on CPU2
[ 0.347212] CPU2: Booted secondary processor 0x0000000002 [0x410fd083]
[ 0.377255] Detected PIPT I-cache on CPU3
[ 0.377823] CPU3: Booted secondary processor 0x0000000003 [0x410fd083]
[ 0.379040] ------------[ cut here ]------------
[ 0.383662] WARNING: CPU: 0 PID: 10 at kernel/workqueue.c:3084 __flush_work+0x12c/0x138
[ 0.384850] Modules linked in:
[ 0.385403] CPU: 0 PID: 10 Comm: rcu_tasks_rude_ Not tainted 5.17.0-rc3-v8+ #13
[ 0.386473] Hardware name: Raspberry Pi 4 Model B Rev 1.4 (DT)
[ 0.387289] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 0.388308] pc : __flush_work+0x12c/0x138
[ 0.388970] lr : __flush_work+0x80/0x138
[ 0.389620] sp : ffffffc00aaf3c60
[ 0.390139] x29: ffffffc00aaf3d20 x28: ffffffc009c16af0 x27: ffffff80f761df48
[ 0.391316] x26: 0000000000000004 x25: 0000000000000003 x24: 0000000000000100
[ 0.392493] x23: ffffffffffffffff x22: ffffffc009c16b10 x21: ffffffc009c16b28
[ 0.393668] x20: ffffffc009e53861 x19: ffffff80f77fbf40 x18: 00000000d744fcc9
[ 0.394842] x17: 000000000000000b x16: 00000000000001c2 x15: ffffffc009e57550
[ 0.396016] x14: 0000000000000000 x13: ffffffffffffffff x12: 0000000100000000
[ 0.397190] x11: 0000000000000462 x10: ffffff8040258008 x9 : 0000000100000000
[ 0.398364] x8 : 0000000000000000 x7 : ffffffc0093c8bf4 x6 : 0000000000000000
[ 0.399538] x5 : 0000000000000000 x4 : ffffffc00a976e40 x3 : ffffffc00810444c
[ 0.400711] x2 : 0000000000000004 x1 : 0000000000000000 x0 : 0000000000000000
[ 0.401886] Call trace:
[ 0.402309] __flush_work+0x12c/0x138
[ 0.402941] schedule_on_each_cpu+0x228/0x278
[ 0.403693] rcu_tasks_rude_wait_gp+0x130/0x144
[ 0.404502] rcu_tasks_kthread+0x220/0x254
[ 0.405264] kthread+0x174/0x1ac
[ 0.405837] ret_from_fork+0x10/0x20
[ 0.406456] irq event stamp: 102
[ 0.406966] hardirqs last enabled at (101): [<ffffffc0093c8468>] _raw_spin_unlock_irq+0x78/0xb4
[ 0.408304] hardirqs last disabled at (102): [<ffffffc0093b8270>] el1_dbg+0x24/0x5c
[ 0.409410] softirqs last enabled at (54): [<ffffffc0081b80c8>] local_bh_enable+0xc/0x2c
[ 0.410645] softirqs last disabled at (50): [<ffffffc0081b809c>] local_bh_disable+0xc/0x2c
[ 0.411890] ---[ end trace 0000000000000000 ]---
[ 0.413000] smp: Brought up 1 node, 4 CPUs
[ 0.413762] SMP: Total of 4 processors activated.
[ 0.414566] CPU features: detected: 32-bit EL0 Support
[ 0.415414] CPU features: detected: 32-bit EL1 Support
[ 0.416278] CPU features: detected: CRC32 instructions
[ 0.447021] Callback from call_rcu_tasks_rude() invoked.
[ 0.506693] Callback from call_rcu_tasks() invoked.
This commit therefore fixes this issue by applying a single-CPU
optimization to the RCU Tasks Rude grace-period process. The key point
here is that the purpose of this RCU flavor is to force a schedule on
each online CPU since some past event. But the rcu_tasks_rude_wait_gp()
function runs in the context of the RCU Tasks Rude's grace-period kthread,
so there must already have been a context switch on the current CPU since
the call to either synchronize_rcu_tasks_rude() or call_rcu_tasks_rude().
So if there is only a single CPU online, RCU Tasks Rude's grace-period
kthread does not need to anything at all.
It turns out that the rcu_tasks_rude_wait_gp() function's call to
schedule_on_each_cpu() causes problems during early boot. During that
time, there is only one online CPU, namely the boot CPU. Therefore,
applying this single-CPU optimization fixes early-boot instances of
this problem.
Link: https://lore.kernel.org/lkml/20220210184319.25009-1-treasure4paddy@gmail.com/T/
Suggested-by: Paul E. McKenney <paulmck@kernel.org>
Signed-off-by: Padmanabha Srinivasaiah <treasure4paddy@gmail.com>
Signed-off-by: Paul E. McKenney <paulmck@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/rcu/tasks.h | 3 +++
1 file changed, 3 insertions(+)
diff --git a/kernel/rcu/tasks.h b/kernel/rcu/tasks.h
index 7c05c5ab7865..14af29fe1377 100644
--- a/kernel/rcu/tasks.h
+++ b/kernel/rcu/tasks.h
@@ -620,6 +620,9 @@ static void rcu_tasks_be_rude(struct work_struct *work)
// Wait for one rude RCU-tasks grace period.
static void rcu_tasks_rude_wait_gp(struct rcu_tasks *rtp)
{
+ if (num_online_cpus() <= 1)
+ return; // Fastpath for only one CPU.
+
rtp->n_ipis += cpumask_weight(cpu_online_mask);
schedule_on_each_cpu(rcu_tasks_be_rude);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 037/452] rcu: Make TASKS_RUDE_RCU select IRQ_WORK
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (35 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 036/452] rcu-tasks: Fix race in schedule and flush work Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 038/452] sfc: ef10: Fix assigning negative value to unsigned variable Greg Kroah-Hartman
` (420 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hyeonggon Yoo, Paul E. McKenney, Sasha Levin
From: Paul E. McKenney <paulmck@kernel.org>
[ Upstream commit 46e861be589881e0905b9ade3d8439883858721c ]
The TASKS_RUDE_RCU does not select IRQ_WORK, which can result in build
failures for kernels that do not otherwise select IRQ_WORK. This commit
therefore causes the TASKS_RUDE_RCU Kconfig option to select IRQ_WORK.
Reported-by: Hyeonggon Yoo <42.hyeyoo@gmail.com>
Signed-off-by: Paul E. McKenney <paulmck@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/rcu/Kconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/kernel/rcu/Kconfig b/kernel/rcu/Kconfig
index b71e21f73c40..cd6e11403f1b 100644
--- a/kernel/rcu/Kconfig
+++ b/kernel/rcu/Kconfig
@@ -86,6 +86,7 @@ config TASKS_RCU
config TASKS_RUDE_RCU
def_bool 0
+ select IRQ_WORK
help
This option enables a task-based RCU implementation that uses
only context switch (including preemption) and user-mode
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 038/452] sfc: ef10: Fix assigning negative value to unsigned variable
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (36 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 037/452] rcu: Make TASKS_RUDE_RCU select IRQ_WORK Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 039/452] ALSA: jack: Access input_dev under mutex Greg Kroah-Hartman
` (419 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Haowen Bai, Edward Cree,
Jakub Kicinski, Sasha Levin
From: Haowen Bai <baihaowen@meizu.com>
[ Upstream commit b8ff3395fbdf3b79a99d0ef410fc34c51044121e ]
fix warning reported by smatch:
251 drivers/net/ethernet/sfc/ef10.c:2259 efx_ef10_tx_tso_desc()
warn: assigning (-208) to unsigned variable 'ip_tot_len'
Signed-off-by: Haowen Bai <baihaowen@meizu.com>
Acked-by: Edward Cree <ecree.xilinx@gmail.com>
Link: https://lore.kernel.org/r/1649640757-30041-1-git-send-email-baihaowen@meizu.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/sfc/ef10.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/sfc/ef10.c b/drivers/net/ethernet/sfc/ef10.c
index 6f950979d25e..fa1a872c4bc8 100644
--- a/drivers/net/ethernet/sfc/ef10.c
+++ b/drivers/net/ethernet/sfc/ef10.c
@@ -2240,7 +2240,7 @@ int efx_ef10_tx_tso_desc(struct efx_tx_queue *tx_queue, struct sk_buff *skb,
* guaranteed to satisfy the second as we only attempt TSO if
* inner_network_header <= 208.
*/
- ip_tot_len = -EFX_TSO2_MAX_HDRLEN;
+ ip_tot_len = 0x10000 - EFX_TSO2_MAX_HDRLEN;
EFX_WARN_ON_ONCE_PARANOID(mss + EFX_TSO2_MAX_HDRLEN +
(tcp->doff << 2u) > ip_tot_len);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 039/452] ALSA: jack: Access input_dev under mutex
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (37 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 038/452] sfc: ef10: Fix assigning negative value to unsigned variable Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 040/452] spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction Greg Kroah-Hartman
` (418 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Amadeusz Sławiński,
Cezary Rojewski, Takashi Iwai, Sasha Levin
From: Amadeusz Sławiński <amadeuszx.slawinski@linux.intel.com>
[ Upstream commit 1b6a6fc5280e97559287b61eade2d4b363e836f2 ]
It is possible when using ASoC that input_dev is unregistered while
calling snd_jack_report, which causes NULL pointer dereference.
In order to prevent this serialize access to input_dev using mutex lock.
Signed-off-by: Amadeusz Sławiński <amadeuszx.slawinski@linux.intel.com>
Reviewed-by: Cezary Rojewski <cezary.rojewski@intel.com>
Link: https://lore.kernel.org/r/20220412091628.3056922-1-amadeuszx.slawinski@linux.intel.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/sound/jack.h | 1 +
sound/core/jack.c | 34 +++++++++++++++++++++++++++-------
2 files changed, 28 insertions(+), 7 deletions(-)
diff --git a/include/sound/jack.h b/include/sound/jack.h
index 9eb2b5ec1ec4..78f3619f3de9 100644
--- a/include/sound/jack.h
+++ b/include/sound/jack.h
@@ -62,6 +62,7 @@ struct snd_jack {
const char *id;
#ifdef CONFIG_SND_JACK_INPUT_DEV
struct input_dev *input_dev;
+ struct mutex input_dev_lock;
int registered;
int type;
char name[100];
diff --git a/sound/core/jack.c b/sound/core/jack.c
index dc2e06ae2414..45e28db6ea38 100644
--- a/sound/core/jack.c
+++ b/sound/core/jack.c
@@ -34,8 +34,11 @@ static int snd_jack_dev_disconnect(struct snd_device *device)
#ifdef CONFIG_SND_JACK_INPUT_DEV
struct snd_jack *jack = device->device_data;
- if (!jack->input_dev)
+ mutex_lock(&jack->input_dev_lock);
+ if (!jack->input_dev) {
+ mutex_unlock(&jack->input_dev_lock);
return 0;
+ }
/* If the input device is registered with the input subsystem
* then we need to use a different deallocator. */
@@ -44,6 +47,7 @@ static int snd_jack_dev_disconnect(struct snd_device *device)
else
input_free_device(jack->input_dev);
jack->input_dev = NULL;
+ mutex_unlock(&jack->input_dev_lock);
#endif /* CONFIG_SND_JACK_INPUT_DEV */
return 0;
}
@@ -82,8 +86,11 @@ static int snd_jack_dev_register(struct snd_device *device)
snprintf(jack->name, sizeof(jack->name), "%s %s",
card->shortname, jack->id);
- if (!jack->input_dev)
+ mutex_lock(&jack->input_dev_lock);
+ if (!jack->input_dev) {
+ mutex_unlock(&jack->input_dev_lock);
return 0;
+ }
jack->input_dev->name = jack->name;
@@ -108,6 +115,7 @@ static int snd_jack_dev_register(struct snd_device *device)
if (err == 0)
jack->registered = 1;
+ mutex_unlock(&jack->input_dev_lock);
return err;
}
#endif /* CONFIG_SND_JACK_INPUT_DEV */
@@ -228,9 +236,11 @@ int snd_jack_new(struct snd_card *card, const char *id, int type,
return -ENOMEM;
}
- /* don't creat input device for phantom jack */
- if (!phantom_jack) {
#ifdef CONFIG_SND_JACK_INPUT_DEV
+ mutex_init(&jack->input_dev_lock);
+
+ /* don't create input device for phantom jack */
+ if (!phantom_jack) {
int i;
jack->input_dev = input_allocate_device();
@@ -248,8 +258,8 @@ int snd_jack_new(struct snd_card *card, const char *id, int type,
input_set_capability(jack->input_dev, EV_SW,
jack_switch_types[i]);
-#endif /* CONFIG_SND_JACK_INPUT_DEV */
}
+#endif /* CONFIG_SND_JACK_INPUT_DEV */
err = snd_device_new(card, SNDRV_DEV_JACK, jack, &ops);
if (err < 0)
@@ -289,10 +299,14 @@ EXPORT_SYMBOL(snd_jack_new);
void snd_jack_set_parent(struct snd_jack *jack, struct device *parent)
{
WARN_ON(jack->registered);
- if (!jack->input_dev)
+ mutex_lock(&jack->input_dev_lock);
+ if (!jack->input_dev) {
+ mutex_unlock(&jack->input_dev_lock);
return;
+ }
jack->input_dev->dev.parent = parent;
+ mutex_unlock(&jack->input_dev_lock);
}
EXPORT_SYMBOL(snd_jack_set_parent);
@@ -340,6 +354,8 @@ EXPORT_SYMBOL(snd_jack_set_key);
/**
* snd_jack_report - Report the current status of a jack
+ * Note: This function uses mutexes and should be called from a
+ * context which can sleep (such as a workqueue).
*
* @jack: The jack to report status for
* @status: The current status of the jack
@@ -359,8 +375,11 @@ void snd_jack_report(struct snd_jack *jack, int status)
status & jack_kctl->mask_bits);
#ifdef CONFIG_SND_JACK_INPUT_DEV
- if (!jack->input_dev)
+ mutex_lock(&jack->input_dev_lock);
+ if (!jack->input_dev) {
+ mutex_unlock(&jack->input_dev_lock);
return;
+ }
for (i = 0; i < ARRAY_SIZE(jack->key); i++) {
int testbit = SND_JACK_BTN_0 >> i;
@@ -379,6 +398,7 @@ void snd_jack_report(struct snd_jack *jack, int status)
}
input_sync(jack->input_dev);
+ mutex_unlock(&jack->input_dev_lock);
#endif /* CONFIG_SND_JACK_INPUT_DEV */
}
EXPORT_SYMBOL(snd_jack_report);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 040/452] spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (38 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 039/452] ALSA: jack: Access input_dev under mutex Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 041/452] tools/power turbostat: fix ICX DRAM power numbers Greg Kroah-Hartman
` (417 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Biju Das, Vinod Koul,
Geert Uytterhoeven, Mark Brown, Sasha Levin
From: Biju Das <biju.das.jz@bp.renesas.com>
[ Upstream commit 6f381481a5b236cb53d6de2c49c6ef83a4d0f432 ]
The direction field in the DMA config is deprecated. The rspi driver
sets {src,dst}_{addr,addr_width} based on the DMA direction and
it results in dmaengine_slave_config() failure as RZ DMAC driver
validates {src,dst}_addr_width values independent of DMA direction.
This patch fixes the issue by passing both {src,dst}_{addr,addr_width}
values independent of DMA direction.
Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
Suggested-by: Vinod Koul <vkoul@kernel.org>
Reviewed-by: Vinod Koul <vkoul@kernel.org>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Tested-by: Geert Uytterhoeven <geert+renesas@glider.be>
Link: https://lore.kernel.org/r/20220411173115.6619-1-biju.das.jz@bp.renesas.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-rspi.c | 15 ++++++---------
1 file changed, 6 insertions(+), 9 deletions(-)
diff --git a/drivers/spi/spi-rspi.c b/drivers/spi/spi-rspi.c
index e39fd38f5180..ea03cc589e61 100644
--- a/drivers/spi/spi-rspi.c
+++ b/drivers/spi/spi-rspi.c
@@ -1107,14 +1107,11 @@ static struct dma_chan *rspi_request_dma_chan(struct device *dev,
}
memset(&cfg, 0, sizeof(cfg));
+ cfg.dst_addr = port_addr + RSPI_SPDR;
+ cfg.src_addr = port_addr + RSPI_SPDR;
+ cfg.dst_addr_width = DMA_SLAVE_BUSWIDTH_1_BYTE;
+ cfg.src_addr_width = DMA_SLAVE_BUSWIDTH_1_BYTE;
cfg.direction = dir;
- if (dir == DMA_MEM_TO_DEV) {
- cfg.dst_addr = port_addr;
- cfg.dst_addr_width = DMA_SLAVE_BUSWIDTH_1_BYTE;
- } else {
- cfg.src_addr = port_addr;
- cfg.src_addr_width = DMA_SLAVE_BUSWIDTH_1_BYTE;
- }
ret = dmaengine_slave_config(chan, &cfg);
if (ret) {
@@ -1145,12 +1142,12 @@ static int rspi_request_dma(struct device *dev, struct spi_controller *ctlr,
}
ctlr->dma_tx = rspi_request_dma_chan(dev, DMA_MEM_TO_DEV, dma_tx_id,
- res->start + RSPI_SPDR);
+ res->start);
if (!ctlr->dma_tx)
return -ENODEV;
ctlr->dma_rx = rspi_request_dma_chan(dev, DMA_DEV_TO_MEM, dma_rx_id,
- res->start + RSPI_SPDR);
+ res->start);
if (!ctlr->dma_rx) {
dma_release_channel(ctlr->dma_tx);
ctlr->dma_tx = NULL;
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 041/452] tools/power turbostat: fix ICX DRAM power numbers
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (39 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 040/452] spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 042/452] drm/amd/pm: fix double free in si_parse_power_table() Greg Kroah-Hartman
` (416 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Srinivas Pandruvada, Len Brown, Sasha Levin
From: Len Brown <len.brown@intel.com>
[ Upstream commit 6397b6418935773a34b533b3348b03f4ce3d7050 ]
ICX (and its duplicates) require special hard-coded DRAM RAPL units,
rather than using the generic RAPL energy units.
Reported-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/power/x86/turbostat/turbostat.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/power/x86/turbostat/turbostat.c b/tools/power/x86/turbostat/turbostat.c
index 424ed19a9d54..ef65f7eed1ec 100644
--- a/tools/power/x86/turbostat/turbostat.c
+++ b/tools/power/x86/turbostat/turbostat.c
@@ -4189,6 +4189,7 @@ rapl_dram_energy_units_probe(int model, double rapl_energy_units)
case INTEL_FAM6_HASWELL_X: /* HSX */
case INTEL_FAM6_BROADWELL_X: /* BDX */
case INTEL_FAM6_XEON_PHI_KNL: /* KNL */
+ case INTEL_FAM6_ICELAKE_X: /* ICX */
return (rapl_dram_energy_units = 15.3 / 1000000);
default:
return (rapl_energy_units);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 042/452] drm/amd/pm: fix double free in si_parse_power_table()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (40 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 041/452] tools/power turbostat: fix ICX DRAM power numbers Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 043/452] ath9k: fix QCA9561 PA bias level Greg Kroah-Hartman
` (415 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Keita Suzuki, Alex Deucher, Sasha Levin
From: Keita Suzuki <keitasuzuki.park@sslab.ics.keio.ac.jp>
[ Upstream commit f3fa2becf2fc25b6ac7cf8d8b1a2e4a86b3b72bd ]
In function si_parse_power_table(), array adev->pm.dpm.ps and its member
is allocated. If the allocation of each member fails, the array itself
is freed and returned with an error code. However, the array is later
freed again in si_dpm_fini() function which is called when the function
returns an error.
This leads to potential double free of the array adev->pm.dpm.ps, as
well as leak of its array members, since the members are not freed in
the allocation function and the array is not nulled when freed.
In addition adev->pm.dpm.num_ps, which keeps track of the allocated
array member, is not updated until the member allocation is
successfully finished, this could also lead to either use after free,
or uninitialized variable access in si_dpm_fini().
Fix this by postponing the free of the array until si_dpm_fini() and
increment adev->pm.dpm.num_ps everytime the array member is allocated.
Signed-off-by: Keita Suzuki <keitasuzuki.park@sslab.ics.keio.ac.jp>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/pm/powerplay/si_dpm.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/drivers/gpu/drm/amd/pm/powerplay/si_dpm.c b/drivers/gpu/drm/amd/pm/powerplay/si_dpm.c
index a1e7ba5995c5..d6544a6dabc7 100644
--- a/drivers/gpu/drm/amd/pm/powerplay/si_dpm.c
+++ b/drivers/gpu/drm/amd/pm/powerplay/si_dpm.c
@@ -7250,17 +7250,15 @@ static int si_parse_power_table(struct amdgpu_device *adev)
if (!adev->pm.dpm.ps)
return -ENOMEM;
power_state_offset = (u8 *)state_array->states;
- for (i = 0; i < state_array->ucNumEntries; i++) {
+ for (adev->pm.dpm.num_ps = 0, i = 0; i < state_array->ucNumEntries; i++) {
u8 *idx;
power_state = (union pplib_power_state *)power_state_offset;
non_clock_array_index = power_state->v2.nonClockInfoIndex;
non_clock_info = (struct _ATOM_PPLIB_NONCLOCK_INFO *)
&non_clock_info_array->nonClockInfo[non_clock_array_index];
ps = kzalloc(sizeof(struct si_ps), GFP_KERNEL);
- if (ps == NULL) {
- kfree(adev->pm.dpm.ps);
+ if (ps == NULL)
return -ENOMEM;
- }
adev->pm.dpm.ps[i].ps_priv = ps;
si_parse_pplib_non_clock_info(adev, &adev->pm.dpm.ps[i],
non_clock_info,
@@ -7282,8 +7280,8 @@ static int si_parse_power_table(struct amdgpu_device *adev)
k++;
}
power_state_offset += 2 + power_state->v2.ucNumDPMLevels;
+ adev->pm.dpm.num_ps++;
}
- adev->pm.dpm.num_ps = state_array->ucNumEntries;
/* fill in the vce power states */
for (i = 0; i < adev->pm.dpm.num_of_vce_states; i++) {
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 043/452] ath9k: fix QCA9561 PA bias level
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (41 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 042/452] drm/amd/pm: fix double free in si_parse_power_table() Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 044/452] media: venus: hfi: avoid null dereference in deinit Greg Kroah-Hartman
` (414 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thibaut VARÈNE, Felix Fietkau,
Toke Høiland-Jørgensen, Kalle Valo, Sasha Levin
From: Thibaut VARÈNE <hacks+kernel@slashdirt.org>
[ Upstream commit e999a5da28a0e0f7de242d841ef7d5e48f4646ae ]
This patch fixes an invalid TX PA DC bias level on QCA9561, which
results in a very low output power and very low throughput as devices
are further away from the AP (compared to other 2.4GHz APs).
This patch was suggested by Felix Fietkau, who noted[1]:
"The value written to that register is wrong, because while the mask
definition AR_CH0_TOP2_XPABIASLVL uses a different value for 9561, the
shift definition AR_CH0_TOP2_XPABIASLVL_S is hardcoded to 12, which is
wrong for 9561."
In real life testing, without this patch the 2.4GHz throughput on
Yuncore XD3200 is around 10Mbps sitting next to the AP, and closer to
practical maximum with the patch applied.
[1] https://lore.kernel.org/all/91c58969-c60e-2f41-00ac-737786d435ae@nbd.name
Signed-off-by: Thibaut VARÈNE <hacks+kernel@slashdirt.org>
Acked-by: Felix Fietkau <nbd@nbd.name>
Acked-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20220417145145.1847-1-hacks+kernel@slashdirt.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath9k/ar9003_phy.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/ath/ath9k/ar9003_phy.h b/drivers/net/wireless/ath/ath9k/ar9003_phy.h
index a171dbb29fbb..ad949eb02f3d 100644
--- a/drivers/net/wireless/ath/ath9k/ar9003_phy.h
+++ b/drivers/net/wireless/ath/ath9k/ar9003_phy.h
@@ -720,7 +720,7 @@
#define AR_CH0_TOP2 (AR_SREV_9300(ah) ? 0x1628c : \
(AR_SREV_9462(ah) ? 0x16290 : 0x16284))
#define AR_CH0_TOP2_XPABIASLVL (AR_SREV_9561(ah) ? 0x1e00 : 0xf000)
-#define AR_CH0_TOP2_XPABIASLVL_S 12
+#define AR_CH0_TOP2_XPABIASLVL_S (AR_SREV_9561(ah) ? 9 : 12)
#define AR_CH0_XTAL (AR_SREV_9300(ah) ? 0x16294 : \
((AR_SREV_9462(ah) || AR_SREV_9565(ah)) ? 0x16298 : \
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 044/452] media: venus: hfi: avoid null dereference in deinit
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (42 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 043/452] ath9k: fix QCA9561 PA bias level Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 045/452] media: pci: cx23885: Fix the error handling in cx23885_initdev() Greg Kroah-Hartman
` (413 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Luca Weiss, Stanimir Varbanov,
Mauro Carvalho Chehab, Sasha Levin
From: Luca Weiss <luca.weiss@fairphone.com>
[ Upstream commit 86594f6af867b5165d2ba7b5a71fae3a5961e56c ]
If venus_probe fails at pm_runtime_put_sync the error handling first
calls hfi_destroy and afterwards hfi_core_deinit. As hfi_destroy sets
core->ops to NULL, hfi_core_deinit cannot call the core_deinit function
anymore.
Avoid this null pointer derefence by skipping the call when necessary.
Signed-off-by: Luca Weiss <luca.weiss@fairphone.com>
Signed-off-by: Stanimir Varbanov <stanimir.varbanov@linaro.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/qcom/venus/hfi.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/media/platform/qcom/venus/hfi.c b/drivers/media/platform/qcom/venus/hfi.c
index a59022adb14c..966b4d9b57a9 100644
--- a/drivers/media/platform/qcom/venus/hfi.c
+++ b/drivers/media/platform/qcom/venus/hfi.c
@@ -104,6 +104,9 @@ int hfi_core_deinit(struct venus_core *core, bool blocking)
mutex_lock(&core->lock);
}
+ if (!core->ops)
+ goto unlock;
+
ret = core->ops->core_deinit(core);
if (!ret)
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 045/452] media: pci: cx23885: Fix the error handling in cx23885_initdev()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (43 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 044/452] media: venus: hfi: avoid null dereference in deinit Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 046/452] media: cx25821: Fix the warning when removing the module Greg Kroah-Hartman
` (412 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zheyu Ma, Hans Verkuil,
Mauro Carvalho Chehab, Sasha Levin
From: Zheyu Ma <zheyuma97@gmail.com>
[ Upstream commit e8123311cf06d7dae71e8c5fe78e0510d20cd30b ]
When the driver fails to call the dma_set_mask(), the driver will get
the following splat:
[ 55.853884] BUG: KASAN: use-after-free in __process_removed_driver+0x3c/0x240
[ 55.854486] Read of size 8 at addr ffff88810de60408 by task modprobe/590
[ 55.856822] Call Trace:
[ 55.860327] __process_removed_driver+0x3c/0x240
[ 55.861347] bus_for_each_dev+0x102/0x160
[ 55.861681] i2c_del_driver+0x2f/0x50
This is because the driver has initialized the i2c related resources
in cx23885_dev_setup() but not released them in error handling, fix this
bug by modifying the error path that jumps after failing to call the
dma_set_mask().
Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/pci/cx23885/cx23885-core.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/media/pci/cx23885/cx23885-core.c b/drivers/media/pci/cx23885/cx23885-core.c
index 4e8132d4b2df..a23c025595a0 100644
--- a/drivers/media/pci/cx23885/cx23885-core.c
+++ b/drivers/media/pci/cx23885/cx23885-core.c
@@ -2154,7 +2154,7 @@ static int cx23885_initdev(struct pci_dev *pci_dev,
err = pci_set_dma_mask(pci_dev, 0xffffffff);
if (err) {
pr_err("%s/0: Oops: no 32bit PCI DMA ???\n", dev->name);
- goto fail_ctrl;
+ goto fail_dma_set_mask;
}
err = request_irq(pci_dev->irq, cx23885_irq,
@@ -2162,7 +2162,7 @@ static int cx23885_initdev(struct pci_dev *pci_dev,
if (err < 0) {
pr_err("%s: can't get IRQ %d\n",
dev->name, pci_dev->irq);
- goto fail_irq;
+ goto fail_dma_set_mask;
}
switch (dev->board) {
@@ -2184,7 +2184,7 @@ static int cx23885_initdev(struct pci_dev *pci_dev,
return 0;
-fail_irq:
+fail_dma_set_mask:
cx23885_dev_unregister(dev);
fail_ctrl:
v4l2_ctrl_handler_free(hdl);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 046/452] media: cx25821: Fix the warning when removing the module
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (44 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 045/452] media: pci: cx23885: Fix the error handling in cx23885_initdev() Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 047/452] md/bitmap: dont set sb values if cant pass sanity check Greg Kroah-Hartman
` (411 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zheyu Ma, Hans Verkuil,
Mauro Carvalho Chehab, Sasha Levin
From: Zheyu Ma <zheyuma97@gmail.com>
[ Upstream commit 2203436a4d24302871617373a7eb21bc17e38762 ]
When removing the module, we will get the following warning:
[ 14.746697] remove_proc_entry: removing non-empty directory 'irq/21', leaking at least 'cx25821[1]'
[ 14.747449] WARNING: CPU: 4 PID: 368 at fs/proc/generic.c:717 remove_proc_entry+0x389/0x3f0
[ 14.751611] RIP: 0010:remove_proc_entry+0x389/0x3f0
[ 14.759589] Call Trace:
[ 14.759792] <TASK>
[ 14.759975] unregister_irq_proc+0x14c/0x170
[ 14.760340] irq_free_descs+0x94/0xe0
[ 14.760640] mp_unmap_irq+0xb6/0x100
[ 14.760937] acpi_unregister_gsi_ioapic+0x27/0x40
[ 14.761334] acpi_pci_irq_disable+0x1d3/0x320
[ 14.761688] pci_disable_device+0x1ad/0x380
[ 14.762027] ? _raw_spin_unlock_irqrestore+0x2d/0x60
[ 14.762442] ? cx25821_shutdown+0x20/0x9f0 [cx25821]
[ 14.762848] cx25821_finidev+0x48/0xc0 [cx25821]
[ 14.763242] pci_device_remove+0x92/0x240
Fix this by freeing the irq before call pci_disable_device().
Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/pci/cx25821/cx25821-core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/pci/cx25821/cx25821-core.c b/drivers/media/pci/cx25821/cx25821-core.c
index 285047b32c44..a3d45287a534 100644
--- a/drivers/media/pci/cx25821/cx25821-core.c
+++ b/drivers/media/pci/cx25821/cx25821-core.c
@@ -1340,11 +1340,11 @@ static void cx25821_finidev(struct pci_dev *pci_dev)
struct cx25821_dev *dev = get_cx25821(v4l2_dev);
cx25821_shutdown(dev);
- pci_disable_device(pci_dev);
/* unregister stuff */
if (pci_dev->irq)
free_irq(pci_dev->irq, dev);
+ pci_disable_device(pci_dev);
cx25821_dev_unregister(dev);
v4l2_device_unregister(v4l2_dev);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 047/452] md/bitmap: dont set sb values if cant pass sanity check
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (45 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 046/452] media: cx25821: Fix the warning when removing the module Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 048/452] mmc: jz4740: Apply DMA engine limits to maximum segment size Greg Kroah-Hartman
` (410 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Dan Carpenter,
Guoqing Jiang, Heming Zhao, Song Liu, Sasha Levin
From: Heming Zhao <heming.zhao@suse.com>
[ Upstream commit e68cb83a57a458b01c9739e2ad9cb70b04d1e6d2 ]
If bitmap area contains invalid data, kernel will crash then mdadm
triggers "Segmentation fault".
This is cluster-md speical bug. In non-clustered env, mdadm will
handle broken metadata case. In clustered array, only kernel space
handles bitmap slot info. But even this bug only happened in clustered
env, current sanity check is wrong, the code should be changed.
How to trigger: (faulty injection)
dd if=/dev/zero bs=1M count=1 oflag=direct of=/dev/sda
dd if=/dev/zero bs=1M count=1 oflag=direct of=/dev/sdb
mdadm -C /dev/md0 -b clustered -e 1.2 -n 2 -l mirror /dev/sda /dev/sdb
mdadm -Ss
echo aaa > magic.txt
== below modifying slot 2 bitmap data ==
dd if=magic.txt of=/dev/sda seek=16384 bs=1 count=3 <== destroy magic
dd if=/dev/zero of=/dev/sda seek=16436 bs=1 count=4 <== ZERO chunksize
mdadm -A /dev/md0 /dev/sda /dev/sdb
== kernel crashes. mdadm outputs "Segmentation fault" ==
Reason of kernel crash:
In md_bitmap_read_sb (called by md_bitmap_create), bad bitmap magic didn't
block chunksize assignment, and zero value made DIV_ROUND_UP_SECTOR_T()
trigger "divide error".
Crash log:
kernel: md: md0 stopped.
kernel: md/raid1:md0: not clean -- starting background reconstruction
kernel: md/raid1:md0: active with 2 out of 2 mirrors
kernel: dlm: ... ...
kernel: md-cluster: Joined cluster 44810aba-38bb-e6b8-daca-bc97a0b254aa slot 1
kernel: md0: invalid bitmap file superblock: bad magic
kernel: md_bitmap_copy_from_slot can't get bitmap from slot 2
kernel: md-cluster: Could not gather bitmaps from slot 2
kernel: divide error: 0000 [#1] SMP NOPTI
kernel: CPU: 0 PID: 1603 Comm: mdadm Not tainted 5.14.6-1-default
kernel: Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)
kernel: RIP: 0010:md_bitmap_create+0x1d1/0x850 [md_mod]
kernel: RSP: 0018:ffffc22ac0843ba0 EFLAGS: 00010246
kernel: ... ...
kernel: Call Trace:
kernel: ? dlm_lock_sync+0xd0/0xd0 [md_cluster 77fe..7a0]
kernel: md_bitmap_copy_from_slot+0x2c/0x290 [md_mod 24ea..d3a]
kernel: load_bitmaps+0xec/0x210 [md_cluster 77fe..7a0]
kernel: md_bitmap_load+0x81/0x1e0 [md_mod 24ea..d3a]
kernel: do_md_run+0x30/0x100 [md_mod 24ea..d3a]
kernel: md_ioctl+0x1290/0x15a0 [md_mod 24ea....d3a]
kernel: ? mddev_unlock+0xaa/0x130 [md_mod 24ea..d3a]
kernel: ? blkdev_ioctl+0xb1/0x2b0
kernel: block_ioctl+0x3b/0x40
kernel: __x64_sys_ioctl+0x7f/0xb0
kernel: do_syscall_64+0x59/0x80
kernel: ? exit_to_user_mode_prepare+0x1ab/0x230
kernel: ? syscall_exit_to_user_mode+0x18/0x40
kernel: ? do_syscall_64+0x69/0x80
kernel: entry_SYSCALL_64_after_hwframe+0x44/0xae
kernel: RIP: 0033:0x7f4a15fa722b
kernel: ... ...
kernel: ---[ end trace 8afa7612f559c868 ]---
kernel: RIP: 0010:md_bitmap_create+0x1d1/0x850 [md_mod]
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Guoqing Jiang <guoqing.jiang@linux.dev>
Signed-off-by: Heming Zhao <heming.zhao@suse.com>
Signed-off-by: Song Liu <song@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/md-bitmap.c | 44 ++++++++++++++++++++++--------------------
1 file changed, 23 insertions(+), 21 deletions(-)
diff --git a/drivers/md/md-bitmap.c b/drivers/md/md-bitmap.c
index ea3130e11680..d377ea060925 100644
--- a/drivers/md/md-bitmap.c
+++ b/drivers/md/md-bitmap.c
@@ -639,14 +639,6 @@ static int md_bitmap_read_sb(struct bitmap *bitmap)
daemon_sleep = le32_to_cpu(sb->daemon_sleep) * HZ;
write_behind = le32_to_cpu(sb->write_behind);
sectors_reserved = le32_to_cpu(sb->sectors_reserved);
- /* Setup nodes/clustername only if bitmap version is
- * cluster-compatible
- */
- if (sb->version == cpu_to_le32(BITMAP_MAJOR_CLUSTERED)) {
- nodes = le32_to_cpu(sb->nodes);
- strlcpy(bitmap->mddev->bitmap_info.cluster_name,
- sb->cluster_name, 64);
- }
/* verify that the bitmap-specific fields are valid */
if (sb->magic != cpu_to_le32(BITMAP_MAGIC))
@@ -668,6 +660,16 @@ static int md_bitmap_read_sb(struct bitmap *bitmap)
goto out;
}
+ /*
+ * Setup nodes/clustername only if bitmap version is
+ * cluster-compatible
+ */
+ if (sb->version == cpu_to_le32(BITMAP_MAJOR_CLUSTERED)) {
+ nodes = le32_to_cpu(sb->nodes);
+ strlcpy(bitmap->mddev->bitmap_info.cluster_name,
+ sb->cluster_name, 64);
+ }
+
/* keep the array size field of the bitmap superblock up to date */
sb->sync_size = cpu_to_le64(bitmap->mddev->resync_max_sectors);
@@ -700,9 +702,9 @@ static int md_bitmap_read_sb(struct bitmap *bitmap)
out:
kunmap_atomic(sb);
- /* Assigning chunksize is required for "re_read" */
- bitmap->mddev->bitmap_info.chunksize = chunksize;
if (err == 0 && nodes && (bitmap->cluster_slot < 0)) {
+ /* Assigning chunksize is required for "re_read" */
+ bitmap->mddev->bitmap_info.chunksize = chunksize;
err = md_setup_cluster(bitmap->mddev, nodes);
if (err) {
pr_warn("%s: Could not setup cluster service (%d)\n",
@@ -713,18 +715,18 @@ static int md_bitmap_read_sb(struct bitmap *bitmap)
goto re_read;
}
-
out_no_sb:
- if (test_bit(BITMAP_STALE, &bitmap->flags))
- bitmap->events_cleared = bitmap->mddev->events;
- bitmap->mddev->bitmap_info.chunksize = chunksize;
- bitmap->mddev->bitmap_info.daemon_sleep = daemon_sleep;
- bitmap->mddev->bitmap_info.max_write_behind = write_behind;
- bitmap->mddev->bitmap_info.nodes = nodes;
- if (bitmap->mddev->bitmap_info.space == 0 ||
- bitmap->mddev->bitmap_info.space > sectors_reserved)
- bitmap->mddev->bitmap_info.space = sectors_reserved;
- if (err) {
+ if (err == 0) {
+ if (test_bit(BITMAP_STALE, &bitmap->flags))
+ bitmap->events_cleared = bitmap->mddev->events;
+ bitmap->mddev->bitmap_info.chunksize = chunksize;
+ bitmap->mddev->bitmap_info.daemon_sleep = daemon_sleep;
+ bitmap->mddev->bitmap_info.max_write_behind = write_behind;
+ bitmap->mddev->bitmap_info.nodes = nodes;
+ if (bitmap->mddev->bitmap_info.space == 0 ||
+ bitmap->mddev->bitmap_info.space > sectors_reserved)
+ bitmap->mddev->bitmap_info.space = sectors_reserved;
+ } else {
md_bitmap_print_sb(bitmap);
if (bitmap->cluster_slot < 0)
md_cluster_stop(bitmap->mddev);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 048/452] mmc: jz4740: Apply DMA engine limits to maximum segment size
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (46 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 047/452] md/bitmap: dont set sb values if cant pass sanity check Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 049/452] drivers: mmc: sdhci_am654: Add the quirk to set TESTCD bit Greg Kroah-Hartman
` (409 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Aidan MacDonald, Ulf Hansson, Sasha Levin
From: Aidan MacDonald <aidanmacdonald.0x0@gmail.com>
[ Upstream commit afadb04f1d6e74b18a253403f5274cde5e3fd7bd ]
Do what is done in other DMA-enabled MMC host drivers (cf. host/mmci.c) and
limit the maximum segment size based on the DMA engine's capabilities. This
is needed to avoid warnings like the following with CONFIG_DMA_API_DEBUG=y.
------------[ cut here ]------------
WARNING: CPU: 0 PID: 21 at kernel/dma/debug.c:1162 debug_dma_map_sg+0x2f4/0x39c
DMA-API: jz4780-dma 13420000.dma-controller: mapping sg segment longer than device claims to support [len=98304] [max=65536]
CPU: 0 PID: 21 Comm: kworker/0:1H Not tainted 5.18.0-rc1 #19
Workqueue: kblockd blk_mq_run_work_fn
Stack : 81575aec 00000004 80620000 80620000 80620000 805e7358 00000009 801537ac
814c832c 806276e3 806e34b4 80620000 81575aec 00000001 81575ab8 09291444
00000000 00000000 805e7358 81575958 ffffffea 8157596c 00000000 636f6c62
6220646b 80387a70 0000000f 6d5f6b6c 80620000 00000000 81575ba4 00000009
805e170c 80896640 00000001 00010000 00000000 00000000 00006098 806e0000
...
Call Trace:
[<80107670>] show_stack+0x84/0x120
[<80528cd8>] __warn+0xb8/0xec
[<80528d78>] warn_slowpath_fmt+0x6c/0xb8
[<8016f1d4>] debug_dma_map_sg+0x2f4/0x39c
[<80169d4c>] __dma_map_sg_attrs+0xf0/0x118
[<8016a27c>] dma_map_sg_attrs+0x14/0x28
[<804f66b4>] jz4740_mmc_prepare_dma_data+0x74/0xa4
[<804f6714>] jz4740_mmc_pre_request+0x30/0x54
[<804f4ff4>] mmc_blk_mq_issue_rq+0x6e0/0x7bc
[<804f5590>] mmc_mq_queue_rq+0x220/0x2d4
[<8038b2c0>] blk_mq_dispatch_rq_list+0x480/0x664
[<80391040>] blk_mq_do_dispatch_sched+0x2dc/0x370
[<80391468>] __blk_mq_sched_dispatch_requests+0xec/0x164
[<80391540>] blk_mq_sched_dispatch_requests+0x44/0x94
[<80387900>] __blk_mq_run_hw_queue+0xb0/0xcc
[<80134c14>] process_one_work+0x1b8/0x264
[<80134ff8>] worker_thread+0x2ec/0x3b8
[<8013b13c>] kthread+0x104/0x10c
[<80101dcc>] ret_from_kernel_thread+0x14/0x1c
---[ end trace 0000000000000000 ]---
Signed-off-by: Aidan MacDonald <aidanmacdonald.0x0@gmail.com>
Link: https://lore.kernel.org/r/20220411153753.50443-1-aidanmacdonald.0x0@gmail.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mmc/host/jz4740_mmc.c | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/drivers/mmc/host/jz4740_mmc.c b/drivers/mmc/host/jz4740_mmc.c
index a1f92fed2a55..aa3dfb9c1071 100644
--- a/drivers/mmc/host/jz4740_mmc.c
+++ b/drivers/mmc/host/jz4740_mmc.c
@@ -236,6 +236,26 @@ static int jz4740_mmc_acquire_dma_channels(struct jz4740_mmc_host *host)
return PTR_ERR(host->dma_rx);
}
+ /*
+ * Limit the maximum segment size in any SG entry according to
+ * the parameters of the DMA engine device.
+ */
+ if (host->dma_tx) {
+ struct device *dev = host->dma_tx->device->dev;
+ unsigned int max_seg_size = dma_get_max_seg_size(dev);
+
+ if (max_seg_size < host->mmc->max_seg_size)
+ host->mmc->max_seg_size = max_seg_size;
+ }
+
+ if (host->dma_rx) {
+ struct device *dev = host->dma_rx->device->dev;
+ unsigned int max_seg_size = dma_get_max_seg_size(dev);
+
+ if (max_seg_size < host->mmc->max_seg_size)
+ host->mmc->max_seg_size = max_seg_size;
+ }
+
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 049/452] drivers: mmc: sdhci_am654: Add the quirk to set TESTCD bit
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (47 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 048/452] mmc: jz4740: Apply DMA engine limits to maximum segment size Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 050/452] scsi: megaraid: Fix error check return value of register_chrdev() Greg Kroah-Hartman
` (408 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vignesh Raghavendra,
Aswath Govindraju, Ulf Hansson, Sasha Levin
From: Vignesh Raghavendra <vigneshr@ti.com>
[ Upstream commit c7666240ec76422cb7546bd07cc8ae80dc0ccdd2 ]
The ARASAN MMC controller on Keystone 3 class of devices need the SDCD
line to be connected for proper functioning. Similar to the issue pointed
out in sdhci-of-arasan.c driver, commit 3794c542641f ("mmc:
sdhci-of-arasan: Set controller to test mode when no CD bit").
In cases where this can't be connected, add a quirk to force the
controller into test mode and set the TESTCD bit. Use the flag
"ti,fails-without-test-cd", to implement this above quirk when required.
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
Signed-off-by: Aswath Govindraju <a-govindraju@ti.com>
Link: https://lore.kernel.org/r/20220425063120.10135-3-a-govindraju@ti.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mmc/host/sdhci_am654.c | 23 ++++++++++++++++++++++-
1 file changed, 22 insertions(+), 1 deletion(-)
diff --git a/drivers/mmc/host/sdhci_am654.c b/drivers/mmc/host/sdhci_am654.c
index a64ea143d185..7cab9d831afb 100644
--- a/drivers/mmc/host/sdhci_am654.c
+++ b/drivers/mmc/host/sdhci_am654.c
@@ -147,6 +147,9 @@ struct sdhci_am654_data {
int drv_strength;
int strb_sel;
u32 flags;
+ u32 quirks;
+
+#define SDHCI_AM654_QUIRK_FORCE_CDTEST BIT(0)
};
struct sdhci_am654_driver_data {
@@ -369,6 +372,21 @@ static void sdhci_am654_write_b(struct sdhci_host *host, u8 val, int reg)
}
}
+static void sdhci_am654_reset(struct sdhci_host *host, u8 mask)
+{
+ u8 ctrl;
+ struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host);
+ struct sdhci_am654_data *sdhci_am654 = sdhci_pltfm_priv(pltfm_host);
+
+ sdhci_reset(host, mask);
+
+ if (sdhci_am654->quirks & SDHCI_AM654_QUIRK_FORCE_CDTEST) {
+ ctrl = sdhci_readb(host, SDHCI_HOST_CONTROL);
+ ctrl |= SDHCI_CTRL_CDTEST_INS | SDHCI_CTRL_CDTEST_EN;
+ sdhci_writeb(host, ctrl, SDHCI_HOST_CONTROL);
+ }
+}
+
static int sdhci_am654_execute_tuning(struct mmc_host *mmc, u32 opcode)
{
struct sdhci_host *host = mmc_priv(mmc);
@@ -500,7 +518,7 @@ static struct sdhci_ops sdhci_j721e_4bit_ops = {
.set_clock = sdhci_j721e_4bit_set_clock,
.write_b = sdhci_am654_write_b,
.irq = sdhci_am654_cqhci_irq,
- .reset = sdhci_reset,
+ .reset = sdhci_am654_reset,
};
static const struct sdhci_pltfm_data sdhci_j721e_4bit_pdata = {
@@ -719,6 +737,9 @@ static int sdhci_am654_get_of_property(struct platform_device *pdev,
device_property_read_u32(dev, "ti,clkbuf-sel",
&sdhci_am654->clkbuf_sel);
+ if (device_property_read_bool(dev, "ti,fails-without-test-cd"))
+ sdhci_am654->quirks |= SDHCI_AM654_QUIRK_FORCE_CDTEST;
+
sdhci_get_of_property(pdev);
return 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 050/452] scsi: megaraid: Fix error check return value of register_chrdev()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (48 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 049/452] drivers: mmc: sdhci_am654: Add the quirk to set TESTCD bit Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 051/452] scsi: ufs: Use pm_runtime_resume_and_get() instead of pm_runtime_get_sync() Greg Kroah-Hartman
` (407 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zeal Robot, Lv Ruyi,
Martin K. Petersen, Sasha Levin
From: Lv Ruyi <lv.ruyi@zte.com.cn>
[ Upstream commit c5acd61dbb32b6bda0f3a354108f2b8dcb788985 ]
If major equals 0, register_chrdev() returns an error code when it fails.
This function dynamically allocates a major and returns its number on
success, so we should use "< 0" to check it instead of "!".
Link: https://lore.kernel.org/r/20220418105755.2558828-1-lv.ruyi@zte.com.cn
Reported-by: Zeal Robot <zealci@zte.com.cn>
Signed-off-by: Lv Ruyi <lv.ruyi@zte.com.cn>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/megaraid.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/megaraid.c b/drivers/scsi/megaraid.c
index 80f546976c7e..daffa36988ae 100644
--- a/drivers/scsi/megaraid.c
+++ b/drivers/scsi/megaraid.c
@@ -4634,7 +4634,7 @@ static int __init megaraid_init(void)
* major number allocation.
*/
major = register_chrdev(0, "megadev_legacy", &megadev_fops);
- if (!major) {
+ if (major < 0) {
printk(KERN_WARNING
"megaraid: failed to register char device\n");
}
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 051/452] scsi: ufs: Use pm_runtime_resume_and_get() instead of pm_runtime_get_sync()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (49 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 050/452] scsi: megaraid: Fix error check return value of register_chrdev() Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 052/452] scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp() Greg Kroah-Hartman
` (406 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zeal Robot, Minghao Chi,
Martin K. Petersen, Sasha Levin
From: Minghao Chi <chi.minghao@zte.com.cn>
[ Upstream commit 75b8715e20a20bc7b4844835e4035543a2674200 ]
Using pm_runtime_resume_and_get() to replace pm_runtime_get_sync() and
pm_runtime_put_noidle(). This change is just to simplify the code, no
actual functional changes.
Link: https://lore.kernel.org/r/20220420090353.2588804-1-chi.minghao@zte.com.cn
Reported-by: Zeal Robot <zealci@zte.com.cn>
Signed-off-by: Minghao Chi <chi.minghao@zte.com.cn>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/ufs/ti-j721e-ufs.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/drivers/scsi/ufs/ti-j721e-ufs.c b/drivers/scsi/ufs/ti-j721e-ufs.c
index eafe0db98d54..122d650d0810 100644
--- a/drivers/scsi/ufs/ti-j721e-ufs.c
+++ b/drivers/scsi/ufs/ti-j721e-ufs.c
@@ -29,11 +29,9 @@ static int ti_j721e_ufs_probe(struct platform_device *pdev)
return PTR_ERR(regbase);
pm_runtime_enable(dev);
- ret = pm_runtime_get_sync(dev);
- if (ret < 0) {
- pm_runtime_put_noidle(dev);
+ ret = pm_runtime_resume_and_get(dev);
+ if (ret < 0)
goto disable_pm;
- }
/* Select MPHY refclk frequency */
clk = devm_clk_get(dev, NULL);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 052/452] scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (50 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 051/452] scsi: ufs: Use pm_runtime_resume_and_get() instead of pm_runtime_get_sync() Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 053/452] ath11k: disable spectral scan during spectral deinit Greg Kroah-Hartman
` (405 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Justin Tee, James Smart,
Martin K. Petersen, Sasha Levin
From: James Smart <jsmart2021@gmail.com>
[ Upstream commit 646db1a560f44236b7278b822ca99a1d3b6ea72c ]
If no handler is found in lpfc_complete_unsol_iocb() to match the rctl of a
received frame, the frame is dropped and resources are leaked.
Fix by returning resources when discarding an unhandled frame type. Update
lpfc_fc_frame_check() handling of NOP basic link service.
Link: https://lore.kernel.org/r/20220426181419.9154-1-jsmart2021@gmail.com
Co-developed-by: Justin Tee <justin.tee@broadcom.com>
Signed-off-by: Justin Tee <justin.tee@broadcom.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/lpfc/lpfc_sli.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/scsi/lpfc/lpfc_sli.c b/drivers/scsi/lpfc/lpfc_sli.c
index a50f870c5f72..755d68b98160 100644
--- a/drivers/scsi/lpfc/lpfc_sli.c
+++ b/drivers/scsi/lpfc/lpfc_sli.c
@@ -17445,7 +17445,6 @@ lpfc_fc_frame_check(struct lpfc_hba *phba, struct fc_frame_header *fc_hdr)
case FC_RCTL_ELS_REP: /* extended link services reply */
case FC_RCTL_ELS4_REQ: /* FC-4 ELS request */
case FC_RCTL_ELS4_REP: /* FC-4 ELS reply */
- case FC_RCTL_BA_NOP: /* basic link service NOP */
case FC_RCTL_BA_ABTS: /* basic link service abort */
case FC_RCTL_BA_RMC: /* remove connection */
case FC_RCTL_BA_ACC: /* basic accept */
@@ -17466,6 +17465,7 @@ lpfc_fc_frame_check(struct lpfc_hba *phba, struct fc_frame_header *fc_hdr)
fc_vft_hdr = (struct fc_vft_header *)fc_hdr;
fc_hdr = &((struct fc_frame_header *)fc_vft_hdr)[1];
return lpfc_fc_frame_check(phba, fc_hdr);
+ case FC_RCTL_BA_NOP: /* basic link service NOP */
default:
goto drop;
}
@@ -18284,12 +18284,14 @@ lpfc_sli4_send_seq_to_ulp(struct lpfc_vport *vport,
if (!lpfc_complete_unsol_iocb(phba,
phba->sli4_hba.els_wq->pring,
iocbq, fc_hdr->fh_r_ctl,
- fc_hdr->fh_type))
+ fc_hdr->fh_type)) {
lpfc_printf_log(phba, KERN_ERR, LOG_TRACE_EVENT,
"2540 Ring %d handler: unexpected Rctl "
"x%x Type x%x received\n",
LPFC_ELS_RING,
fc_hdr->fh_r_ctl, fc_hdr->fh_type);
+ lpfc_in_buf_free(phba, &seq_dmabuf->dbuf);
+ }
/* Free iocb created in lpfc_prep_seq */
list_for_each_entry_safe(curr_iocb, next_iocb,
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 053/452] ath11k: disable spectral scan during spectral deinit
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (51 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 052/452] scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp() Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 054/452] ASoC: Intel: bytcr_rt5640: Add quirk for the HP Pro Tablet 408 Greg Kroah-Hartman
` (404 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hari Chandrakanthan, Kalle Valo, Sasha Levin
From: Hari Chandrakanthan <quic_haric@quicinc.com>
[ Upstream commit 161c64de239c7018e0295e7e0520a19f00aa32dc ]
When ath11k modules are removed using rmmod with spectral scan enabled,
crash is observed. Different crash trace is observed for each crash.
Send spectral scan disable WMI command to firmware before cleaning
the spectral dbring in the spectral_deinit API to avoid this crash.
call trace from one of the crash observed:
[ 1252.880802] Unable to handle kernel NULL pointer dereference at virtual address 00000008
[ 1252.882722] pgd = 0f42e886
[ 1252.890955] [00000008] *pgd=00000000
[ 1252.893478] Internal error: Oops: 5 [#1] PREEMPT SMP ARM
[ 1253.093035] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.4.89 #0
[ 1253.115261] Hardware name: Generic DT based system
[ 1253.121149] PC is at ath11k_spectral_process_data+0x434/0x574 [ath11k]
[ 1253.125940] LR is at 0x88e31017
[ 1253.132448] pc : [<7f9387b8>] lr : [<88e31017>] psr: a0000193
[ 1253.135488] sp : 80d01bc8 ip : 00000001 fp : 970e0000
[ 1253.141737] r10: 88e31000 r9 : 970ec000 r8 : 00000080
[ 1253.146946] r7 : 94734040 r6 : a0000113 r5 : 00000057 r4 : 00000000
[ 1253.152159] r3 : e18cb694 r2 : 00000217 r1 : 1df1f000 r0 : 00000001
[ 1253.158755] Flags: NzCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment user
[ 1253.165266] Control: 10c0383d Table: 5e71006a DAC: 00000055
[ 1253.172472] Process swapper/0 (pid: 0, stack limit = 0x60870141)
[ 1253.458055] [<7f9387b8>] (ath11k_spectral_process_data [ath11k]) from [<7f917fdc>] (ath11k_dbring_buffer_release_event+0x214/0x2e4 [ath11k])
[ 1253.466139] [<7f917fdc>] (ath11k_dbring_buffer_release_event [ath11k]) from [<7f8ea3c4>] (ath11k_wmi_tlv_op_rx+0x1840/0x29cc [ath11k])
[ 1253.478807] [<7f8ea3c4>] (ath11k_wmi_tlv_op_rx [ath11k]) from [<7f8fe868>] (ath11k_htc_rx_completion_handler+0x180/0x4e0 [ath11k])
[ 1253.490699] [<7f8fe868>] (ath11k_htc_rx_completion_handler [ath11k]) from [<7f91308c>] (ath11k_ce_per_engine_service+0x2c4/0x3b4 [ath11k])
[ 1253.502386] [<7f91308c>] (ath11k_ce_per_engine_service [ath11k]) from [<7f9a4198>] (ath11k_pci_ce_tasklet+0x28/0x80 [ath11k_pci])
[ 1253.514811] [<7f9a4198>] (ath11k_pci_ce_tasklet [ath11k_pci]) from [<8032227c>] (tasklet_action_common.constprop.2+0x64/0xe8)
[ 1253.526476] [<8032227c>] (tasklet_action_common.constprop.2) from [<803021e8>] (__do_softirq+0x130/0x2d0)
[ 1253.537756] [<803021e8>] (__do_softirq) from [<80322610>] (irq_exit+0xcc/0xe8)
[ 1253.547304] [<80322610>] (irq_exit) from [<8036a4a4>] (__handle_domain_irq+0x60/0xb4)
[ 1253.554428] [<8036a4a4>] (__handle_domain_irq) from [<805eb348>] (gic_handle_irq+0x4c/0x90)
[ 1253.562321] [<805eb348>] (gic_handle_irq) from [<80301a78>] (__irq_svc+0x58/0x8c)
Tested-on: QCN6122 hw1.0 AHB WLAN.HK.2.6.0.1-00851-QCAHKSWPL_SILICONZ-1
Signed-off-by: Hari Chandrakanthan <quic_haric@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/1649396345-349-1-git-send-email-quic_haric@quicinc.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath11k/spectral.c | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/drivers/net/wireless/ath/ath11k/spectral.c b/drivers/net/wireless/ath/ath11k/spectral.c
index ac2a8cfdc1c0..f5ab455ea1a2 100644
--- a/drivers/net/wireless/ath/ath11k/spectral.c
+++ b/drivers/net/wireless/ath/ath11k/spectral.c
@@ -214,7 +214,10 @@ static int ath11k_spectral_scan_config(struct ath11k *ar,
return -ENODEV;
arvif->spectral_enabled = (mode != ATH11K_SPECTRAL_DISABLED);
+
+ spin_lock_bh(&ar->spectral.lock);
ar->spectral.mode = mode;
+ spin_unlock_bh(&ar->spectral.lock);
ret = ath11k_wmi_vdev_spectral_enable(ar, arvif->vdev_id,
ATH11K_WMI_SPECTRAL_TRIGGER_CMD_CLEAR,
@@ -829,9 +832,6 @@ static inline void ath11k_spectral_ring_free(struct ath11k *ar)
{
struct ath11k_spectral *sp = &ar->spectral;
- if (!sp->enabled)
- return;
-
ath11k_dbring_srng_cleanup(ar, &sp->rx_ring);
ath11k_dbring_buf_cleanup(ar, &sp->rx_ring);
}
@@ -883,15 +883,16 @@ void ath11k_spectral_deinit(struct ath11k_base *ab)
if (!sp->enabled)
continue;
- ath11k_spectral_debug_unregister(ar);
- ath11k_spectral_ring_free(ar);
+ mutex_lock(&ar->conf_mutex);
+ ath11k_spectral_scan_config(ar, ATH11K_SPECTRAL_DISABLED);
+ mutex_unlock(&ar->conf_mutex);
spin_lock_bh(&sp->lock);
-
- sp->mode = ATH11K_SPECTRAL_DISABLED;
sp->enabled = false;
-
spin_unlock_bh(&sp->lock);
+
+ ath11k_spectral_debug_unregister(ar);
+ ath11k_spectral_ring_free(ar);
}
}
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 054/452] ASoC: Intel: bytcr_rt5640: Add quirk for the HP Pro Tablet 408
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (52 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 053/452] ath11k: disable spectral scan during spectral deinit Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 055/452] drm/plane: Move range check for format_count earlier Greg Kroah-Hartman
` (403 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hans de Goede, Pierre-Louis Bossart,
Mark Brown, Sasha Levin
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit ce216cfa84a4e1c23b105e652c550bdeaac9e922 ]
Add a quirk for the HP Pro Tablet 408, this BYTCR tablet has no CHAN
package in its ACPI tables and uses SSP0-AIF1 rather then SSP0-AIF2 which
is the default for BYTCR devices.
It also uses DMIC1 for the internal mic rather then the default IN3
and it uses JD2 rather then the default JD1 for jack-detect.
BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=211485
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Link: https://lore.kernel.org/r/20220427134918.527381-1-hdegoede@redhat.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/intel/boards/bytcr_rt5640.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/sound/soc/intel/boards/bytcr_rt5640.c b/sound/soc/intel/boards/bytcr_rt5640.c
index 43ee3d095a1b..3020a993f6ef 100644
--- a/sound/soc/intel/boards/bytcr_rt5640.c
+++ b/sound/soc/intel/boards/bytcr_rt5640.c
@@ -615,6 +615,18 @@ static const struct dmi_system_id byt_rt5640_quirk_table[] = {
BYT_RT5640_OVCD_SF_0P75 |
BYT_RT5640_MCLK_EN),
},
+ { /* HP Pro Tablet 408 */
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "Hewlett-Packard"),
+ DMI_MATCH(DMI_PRODUCT_NAME, "HP Pro Tablet 408"),
+ },
+ .driver_data = (void *)(BYT_RT5640_DMIC1_MAP |
+ BYT_RT5640_JD_SRC_JD2_IN4N |
+ BYT_RT5640_OVCD_TH_1500UA |
+ BYT_RT5640_OVCD_SF_0P75 |
+ BYT_RT5640_SSP0_AIF1 |
+ BYT_RT5640_MCLK_EN),
+ },
{ /* HP Stream 7 */
.matches = {
DMI_EXACT_MATCH(DMI_SYS_VENDOR, "Hewlett-Packard"),
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 055/452] drm/plane: Move range check for format_count earlier
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (53 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 054/452] ASoC: Intel: bytcr_rt5640: Add quirk for the HP Pro Tablet 408 Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 056/452] drm/amd/pm: fix the compile warning Greg Kroah-Hartman
` (402 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Steven Price, Liviu Dudau, Sasha Levin
From: Steven Price <steven.price@arm.com>
[ Upstream commit 4b674dd69701c2e22e8e7770c1706a69f3b17269 ]
While the check for format_count > 64 in __drm_universal_plane_init()
shouldn't be hit (it's a WARN_ON), in its current position it will then
leak the plane->format_types array and fail to call
drm_mode_object_unregister() leaking the modeset identifier. Move it to
the start of the function to avoid allocating those resources in the
first place.
Signed-off-by: Steven Price <steven.price@arm.com>
Signed-off-by: Liviu Dudau <liviu.dudau@arm.com>
Link: https://lore.kernel.org/dri-devel/20211203102815.38624-1-steven.price@arm.com/
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/drm_plane.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/drivers/gpu/drm/drm_plane.c b/drivers/gpu/drm/drm_plane.c
index affe1cfed009..24f643982903 100644
--- a/drivers/gpu/drm/drm_plane.c
+++ b/drivers/gpu/drm/drm_plane.c
@@ -186,6 +186,13 @@ int drm_universal_plane_init(struct drm_device *dev, struct drm_plane *plane,
if (WARN_ON(config->num_total_plane >= 32))
return -EINVAL;
+ /*
+ * First driver to need more than 64 formats needs to fix this. Each
+ * format is encoded as a bit and the current code only supports a u64.
+ */
+ if (WARN_ON(format_count > 64))
+ return -EINVAL;
+
WARN_ON(drm_drv_uses_atomic_modeset(dev) &&
(!funcs->atomic_destroy_state ||
!funcs->atomic_duplicate_state));
@@ -207,13 +214,6 @@ int drm_universal_plane_init(struct drm_device *dev, struct drm_plane *plane,
return -ENOMEM;
}
- /*
- * First driver to need more than 64 formats needs to fix this. Each
- * format is encoded as a bit and the current code only supports a u64.
- */
- if (WARN_ON(format_count > 64))
- return -EINVAL;
-
if (format_modifiers) {
const uint64_t *temp_modifiers = format_modifiers;
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 056/452] drm/amd/pm: fix the compile warning
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (54 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 055/452] drm/plane: Move range check for format_count earlier Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 057/452] ath10k: skip ath10k_halt during suspend for driver state RESTARTING Greg Kroah-Hartman
` (401 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Alex Deucher,
Evan Quan, Sasha Levin
From: Evan Quan <evan.quan@amd.com>
[ Upstream commit 555238d92ac32dbad2d77ad2bafc48d17391990c ]
Fix the compile warning below:
drivers/gpu/drm/amd/amdgpu/../pm/legacy-dpm/kv_dpm.c:1641
kv_get_acp_boot_level() warn: always true condition '(table->entries[i]->clk >= 0) => (0-u32max >= 0)'
Reported-by: kernel test robot <lkp@intel.com>
CC: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Evan Quan <evan.quan@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/pm/powerplay/kv_dpm.c | 14 +-------------
1 file changed, 1 insertion(+), 13 deletions(-)
diff --git a/drivers/gpu/drm/amd/pm/powerplay/kv_dpm.c b/drivers/gpu/drm/amd/pm/powerplay/kv_dpm.c
index 4b3faaccecb9..c8a5a5698edd 100644
--- a/drivers/gpu/drm/amd/pm/powerplay/kv_dpm.c
+++ b/drivers/gpu/drm/amd/pm/powerplay/kv_dpm.c
@@ -1609,19 +1609,7 @@ static int kv_update_samu_dpm(struct amdgpu_device *adev, bool gate)
static u8 kv_get_acp_boot_level(struct amdgpu_device *adev)
{
- u8 i;
- struct amdgpu_clock_voltage_dependency_table *table =
- &adev->pm.dpm.dyn_state.acp_clock_voltage_dependency_table;
-
- for (i = 0; i < table->count; i++) {
- if (table->entries[i].clk >= 0) /* XXX */
- break;
- }
-
- if (i >= table->count)
- i = table->count - 1;
-
- return i;
+ return 0;
}
static void kv_update_acp_boot_level(struct amdgpu_device *adev)
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 057/452] ath10k: skip ath10k_halt during suspend for driver state RESTARTING
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (55 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 056/452] drm/amd/pm: fix the compile warning Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 058/452] arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall Greg Kroah-Hartman
` (400 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Wen Gong, Abhishek Kumar,
Brian Norris, Kalle Valo, Sasha Levin
From: Abhishek Kumar <kuabhs@chromium.org>
[ Upstream commit b72a4aff947ba807177bdabb43debaf2c66bee05 ]
Double free crash is observed when FW recovery(caused by wmi
timeout/crash) is followed by immediate suspend event. The FW recovery
is triggered by ath10k_core_restart() which calls driver clean up via
ath10k_halt(). When the suspend event occurs between the FW recovery,
the restart worker thread is put into frozen state until suspend completes.
The suspend event triggers ath10k_stop() which again triggers ath10k_halt()
The double invocation of ath10k_halt() causes ath10k_htt_rx_free() to be
called twice(Note: ath10k_htt_rx_alloc was not called by restart worker
thread because of its frozen state), causing the crash.
To fix this, during the suspend flow, skip call to ath10k_halt() in
ath10k_stop() when the current driver state is ATH10K_STATE_RESTARTING.
Also, for driver state ATH10K_STATE_RESTARTING, call
ath10k_wait_for_suspend() in ath10k_stop(). This is because call to
ath10k_wait_for_suspend() is skipped later in
[ath10k_halt() > ath10k_core_stop()] for the driver state
ATH10K_STATE_RESTARTING.
The frozen restart worker thread will be cancelled during resume when the
device comes out of suspend.
Below is the crash stack for reference:
[ 428.469167] ------------[ cut here ]------------
[ 428.469180] kernel BUG at mm/slub.c:4150!
[ 428.469193] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
[ 428.469219] Workqueue: events_unbound async_run_entry_fn
[ 428.469230] RIP: 0010:kfree+0x319/0x31b
[ 428.469241] RSP: 0018:ffffa1fac015fc30 EFLAGS: 00010246
[ 428.469247] RAX: ffffedb10419d108 RBX: ffff8c05262b0000
[ 428.469252] RDX: ffff8c04a8c07000 RSI: 0000000000000000
[ 428.469256] RBP: ffffa1fac015fc78 R08: 0000000000000000
[ 428.469276] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 428.469285] Call Trace:
[ 428.469295] ? dma_free_attrs+0x5f/0x7d
[ 428.469320] ath10k_core_stop+0x5b/0x6f
[ 428.469336] ath10k_halt+0x126/0x177
[ 428.469352] ath10k_stop+0x41/0x7e
[ 428.469387] drv_stop+0x88/0x10e
[ 428.469410] __ieee80211_suspend+0x297/0x411
[ 428.469441] rdev_suspend+0x6e/0xd0
[ 428.469462] wiphy_suspend+0xb1/0x105
[ 428.469483] ? name_show+0x2d/0x2d
[ 428.469490] dpm_run_callback+0x8c/0x126
[ 428.469511] ? name_show+0x2d/0x2d
[ 428.469517] __device_suspend+0x2e7/0x41b
[ 428.469523] async_suspend+0x1f/0x93
[ 428.469529] async_run_entry_fn+0x3d/0xd1
[ 428.469535] process_one_work+0x1b1/0x329
[ 428.469541] worker_thread+0x213/0x372
[ 428.469547] kthread+0x150/0x15f
[ 428.469552] ? pr_cont_work+0x58/0x58
[ 428.469558] ? kthread_blkcg+0x31/0x31
Tested-on: QCA6174 hw3.2 PCI WLAN.RM.4.4.1-00288-QCARMSWPZ-1
Co-developed-by: Wen Gong <quic_wgong@quicinc.com>
Signed-off-by: Wen Gong <quic_wgong@quicinc.com>
Signed-off-by: Abhishek Kumar <kuabhs@chromium.org>
Reviewed-by: Brian Norris <briannorris@chromium.org>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20220426221859.v2.1.I650b809482e1af8d0156ed88b5dc2677a0711d46@changeid
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath10k/mac.c | 20 ++++++++++++++++++--
1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/ath/ath10k/mac.c b/drivers/net/wireless/ath/ath10k/mac.c
index b59d482d9c23..b61cd275fbda 100644
--- a/drivers/net/wireless/ath/ath10k/mac.c
+++ b/drivers/net/wireless/ath/ath10k/mac.c
@@ -5170,13 +5170,29 @@ static int ath10k_start(struct ieee80211_hw *hw)
static void ath10k_stop(struct ieee80211_hw *hw)
{
struct ath10k *ar = hw->priv;
+ u32 opt;
ath10k_drain_tx(ar);
mutex_lock(&ar->conf_mutex);
if (ar->state != ATH10K_STATE_OFF) {
- if (!ar->hw_rfkill_on)
- ath10k_halt(ar);
+ if (!ar->hw_rfkill_on) {
+ /* If the current driver state is RESTARTING but not yet
+ * fully RESTARTED because of incoming suspend event,
+ * then ath10k_halt() is already called via
+ * ath10k_core_restart() and should not be called here.
+ */
+ if (ar->state != ATH10K_STATE_RESTARTING) {
+ ath10k_halt(ar);
+ } else {
+ /* Suspending here, because when in RESTARTING
+ * state, ath10k_core_stop() skips
+ * ath10k_wait_for_suspend().
+ */
+ opt = WMI_PDEV_SUSPEND_AND_DISABLE_INTR;
+ ath10k_wait_for_suspend(ar, opt);
+ }
+ }
ar->state = ATH10K_STATE_OFF;
}
mutex_unlock(&ar->conf_mutex);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 058/452] arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (56 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 057/452] ath10k: skip ath10k_halt during suspend for driver state RESTARTING Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 059/452] drm: msm: fix error check return value of irq_of_parse_and_map() Greg Kroah-Hartman
` (399 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexandru Elisei, Marc Zyngier,
Catalin Marinas, Sasha Levin
From: Alexandru Elisei <alexandru.elisei@arm.com>
[ Upstream commit 3fed9e551417b84038b15117732ea4505eee386b ]
If a compat process tries to execute an unknown system call above the
__ARM_NR_COMPAT_END number, the kernel sends a SIGILL signal to the
offending process. Information about the error is printed to dmesg in
compat_arm_syscall() -> arm64_notify_die() -> arm64_force_sig_fault() ->
arm64_show_signal().
arm64_show_signal() interprets a non-zero value for
current->thread.fault_code as an exception syndrome and displays the
message associated with the ESR_ELx.EC field (bits 31:26).
current->thread.fault_code is set in compat_arm_syscall() ->
arm64_notify_die() with the bad syscall number instead of a valid ESR_ELx
value. This means that the ESR_ELx.EC field has the value that the user set
for the syscall number and the kernel can end up printing bogus exception
messages*. For example, for the syscall number 0x68000000, which evaluates
to ESR_ELx.EC value of 0x1A (ESR_ELx_EC_FPAC) the kernel prints this error:
[ 18.349161] syscall[300]: unhandled exception: ERET/ERETAA/ERETAB, ESR 0x68000000, Oops - bad compat syscall(2) in syscall[10000+50000]
[ 18.350639] CPU: 2 PID: 300 Comm: syscall Not tainted 5.18.0-rc1 #79
[ 18.351249] Hardware name: Pine64 RockPro64 v2.0 (DT)
[..]
which is misleading, as the bad compat syscall has nothing to do with
pointer authentication.
Stop arm64_show_signal() from printing exception syndrome information by
having compat_arm_syscall() set the ESR_ELx value to 0, as it has no
meaning for an invalid system call number. The example above now becomes:
[ 19.935275] syscall[301]: unhandled exception: Oops - bad compat syscall(2) in syscall[10000+50000]
[ 19.936124] CPU: 1 PID: 301 Comm: syscall Not tainted 5.18.0-rc1-00005-g7e08006d4102 #80
[ 19.936894] Hardware name: Pine64 RockPro64 v2.0 (DT)
[..]
which although shows less information because the syscall number,
wrongfully advertised as the ESR value, is missing, it is better than
showing plainly wrong information. The syscall number can be easily
obtained with strace.
*A 32-bit value above or equal to 0x8000_0000 is interpreted as a negative
integer in compat_arm_syscal() and the condition scno < __ARM_NR_COMPAT_END
evaluates to true; the syscall will exit to userspace in this case with the
ENOSYS error code instead of arm64_notify_die() being called.
Signed-off-by: Alexandru Elisei <alexandru.elisei@arm.com>
Reviewed-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20220425114444.368693-3-alexandru.elisei@arm.com
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/kernel/sys_compat.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/kernel/sys_compat.c b/arch/arm64/kernel/sys_compat.c
index 3c18c2454089..51274bab2565 100644
--- a/arch/arm64/kernel/sys_compat.c
+++ b/arch/arm64/kernel/sys_compat.c
@@ -115,6 +115,6 @@ long compat_arm_syscall(struct pt_regs *regs, int scno)
(compat_thumb_mode(regs) ? 2 : 4);
arm64_notify_die("Oops - bad compat syscall(2)", regs,
- SIGILL, ILL_ILLTRP, addr, scno);
+ SIGILL, ILL_ILLTRP, addr, 0);
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 059/452] drm: msm: fix error check return value of irq_of_parse_and_map()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (57 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 058/452] arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 060/452] ipv6: Dont send rs packets to the interface of ARPHRD_TUNNEL Greg Kroah-Hartman
` (398 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zeal Robot, Lv Ruyi,
Dmitry Baryshkov, Sasha Levin
From: Lv Ruyi <lv.ruyi@zte.com.cn>
[ Upstream commit b9e4f1d2b505df8e2439b63e67afaa287c1c43e2 ]
The irq_of_parse_and_map() function returns 0 on failure, and does not
return an negative value.
Reported-by: Zeal Robot <zealci@zte.com.cn>
Signed-off-by: Lv Ruyi <lv.ruyi@zte.com.cn>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Patchwork: https://patchwork.freedesktop.org/patch/483175/
Link: https://lore.kernel.org/r/20220424031959.3172406-1-lv.ruyi@zte.com.cn
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/msm/disp/mdp5/mdp5_kms.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/msm/disp/mdp5/mdp5_kms.c b/drivers/gpu/drm/msm/disp/mdp5/mdp5_kms.c
index e193865ce9a2..9baaaef706ab 100644
--- a/drivers/gpu/drm/msm/disp/mdp5/mdp5_kms.c
+++ b/drivers/gpu/drm/msm/disp/mdp5/mdp5_kms.c
@@ -598,9 +598,9 @@ struct msm_kms *mdp5_kms_init(struct drm_device *dev)
pdev = mdp5_kms->pdev;
irq = irq_of_parse_and_map(pdev->dev.of_node, 0);
- if (irq < 0) {
- ret = irq;
- DRM_DEV_ERROR(&pdev->dev, "failed to get irq: %d\n", ret);
+ if (!irq) {
+ ret = -EINVAL;
+ DRM_DEV_ERROR(&pdev->dev, "failed to get irq\n");
goto fail;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 060/452] ipv6: Dont send rs packets to the interface of ARPHRD_TUNNEL
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (58 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 059/452] drm: msm: fix error check return value of irq_of_parse_and_map() Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 061/452] net/mlx5: fs, delete the FTE when there are no rules attached to it Greg Kroah-Hartman
` (397 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, jianghaoran, Jakub Kicinski, Sasha Levin
From: jianghaoran <jianghaoran@kylinos.cn>
[ Upstream commit b52e1cce31ca721e937d517411179f9196ee6135 ]
ARPHRD_TUNNEL interface can't process rs packets
and will generate TX errors
ex:
ip tunnel add ethn mode ipip local 192.168.1.1 remote 192.168.1.2
ifconfig ethn x.x.x.x
ethn: flags=209<UP,POINTOPOINT,RUNNING,NOARP> mtu 1480
inet x.x.x.x netmask 255.255.255.255 destination x.x.x.x
inet6 fe80::5efe:ac1e:3cdb prefixlen 64 scopeid 0x20<link>
tunnel txqueuelen 1000 (IPIP Tunnel)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 3 dropped 0 overruns 0 carrier 0 collisions 0
Signed-off-by: jianghaoran <jianghaoran@kylinos.cn>
Link: https://lore.kernel.org/r/20220429053802.246681-1-jianghaoran@kylinos.cn
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv6/addrconf.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 4584bb50960b..0562fb321959 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -4200,7 +4200,8 @@ static void addrconf_dad_completed(struct inet6_ifaddr *ifp, bool bump_id,
send_rs = send_mld &&
ipv6_accept_ra(ifp->idev) &&
ifp->idev->cnf.rtr_solicits != 0 &&
- (dev->flags&IFF_LOOPBACK) == 0;
+ (dev->flags & IFF_LOOPBACK) == 0 &&
+ (dev->type != ARPHRD_TUNNEL);
read_unlock_bh(&ifp->idev->lock);
/* While dad is in progress mld report's source address is in6_addrany.
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 061/452] net/mlx5: fs, delete the FTE when there are no rules attached to it
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (59 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 060/452] ipv6: Dont send rs packets to the interface of ARPHRD_TUNNEL Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 062/452] ASoC: dapm: Dont fold register value changes into notifications Greg Kroah-Hartman
` (396 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mark Bloch, Maor Gottlieb,
Saeed Mahameed, Sasha Levin
From: Mark Bloch <mbloch@nvidia.com>
[ Upstream commit 7b0c6338597613f465d131bd939a51844a00455a ]
When an FTE has no children is means all the rules where removed
and the FTE can be deleted regardless of the dests_size value.
While dests_size should be 0 when there are no children
be extra careful not to leak memory or get firmware syndrome
if the proper bookkeeping of dests_size wasn't done.
Signed-off-by: Mark Bloch <mbloch@nvidia.com>
Reviewed-by: Maor Gottlieb <maorg@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c b/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c
index 55772f0cbbf8..15472fb15d7d 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c
@@ -2024,16 +2024,16 @@ void mlx5_del_flow_rules(struct mlx5_flow_handle *handle)
down_write_ref_node(&fte->node, false);
for (i = handle->num_rules - 1; i >= 0; i--)
tree_remove_node(&handle->rule[i]->node, true);
- if (fte->dests_size) {
- if (fte->modify_mask)
- modify_fte(fte);
- up_write_ref_node(&fte->node, false);
- } else if (list_empty(&fte->node.children)) {
+ if (list_empty(&fte->node.children)) {
del_hw_fte(&fte->node);
/* Avoid double call to del_hw_fte */
fte->node.del_hw_func = NULL;
up_write_ref_node(&fte->node, false);
tree_put_node(&fte->node, false);
+ } else if (fte->dests_size) {
+ if (fte->modify_mask)
+ modify_fte(fte);
+ up_write_ref_node(&fte->node, false);
} else {
up_write_ref_node(&fte->node, false);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 062/452] ASoC: dapm: Dont fold register value changes into notifications
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (60 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 061/452] net/mlx5: fs, delete the FTE when there are no rules attached to it Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 063/452] mlxsw: spectrum_dcb: Do not warn about priority changes Greg Kroah-Hartman
` (395 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Mark Brown, Sasha Levin
From: Mark Brown <broonie@kernel.org>
[ Upstream commit ad685980469b9f9b99d4d6ea05f4cb8f57cb2234 ]
DAPM tracks and reports the value presented to the user from DAPM controls
separately to the register value, these may diverge during initialisation
or when an autodisable control is in use.
When writing DAPM controls we currently report that a change has occurred
if either the DAPM value or the value stored in the register has changed,
meaning that if the two are out of sync we may appear to report a spurious
event to userspace. Since we use this folded in value for nothing other
than the value reported to userspace simply drop the folding in of the
register change.
Signed-off-by: Mark Brown <broonie@kernel.org>
Link: https://lore.kernel.org/r/20220428161833.3690050-1-broonie@kernel.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/soc-dapm.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/sound/soc/soc-dapm.c b/sound/soc/soc-dapm.c
index 417732bdf286..f2f7f2dde93c 100644
--- a/sound/soc/soc-dapm.c
+++ b/sound/soc/soc-dapm.c
@@ -3427,7 +3427,6 @@ int snd_soc_dapm_put_volsw(struct snd_kcontrol *kcontrol,
update.val = val;
card->update = &update;
}
- change |= reg_change;
ret = soc_dapm_mixer_update_power(card, kcontrol, connect,
rconnect);
@@ -3529,7 +3528,6 @@ int snd_soc_dapm_put_enum_double(struct snd_kcontrol *kcontrol,
update.val = val;
card->update = &update;
}
- change |= reg_change;
ret = soc_dapm_mux_update_power(card, kcontrol, item[0], e);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 063/452] mlxsw: spectrum_dcb: Do not warn about priority changes
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (61 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 062/452] ASoC: dapm: Dont fold register value changes into notifications Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 064/452] mlxsw: Treat LLDP packets as control Greg Kroah-Hartman
` (394 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maksym Yaremchuk, Petr Machata,
Ido Schimmel, David S. Miller, Sasha Levin
From: Petr Machata <petrm@nvidia.com>
[ Upstream commit b6b584562cbe7dc357083459d6dd5b171e12cadb ]
The idea behind the warnings is that the user would get warned in case when
more than one priority is configured for a given DSCP value on a netdevice.
The warning is currently wrong, because dcb_ieee_getapp_mask() returns
the first matching entry, not all of them, and the warning will then claim
that some priority is "current", when in fact it is not.
But more importantly, the warning is misleading in general. Consider the
following commands:
# dcb app flush dev swp19 dscp-prio
# dcb app add dev swp19 dscp-prio 24:3
# dcb app replace dev swp19 dscp-prio 24:2
The last command will issue the following warning:
mlxsw_spectrum3 0000:07:00.0 swp19: Ignoring new priority 2 for DSCP 24 in favor of current value of 3
The reason is that the "replace" command works by first adding the new
value, and then removing all old values. This is the only way to make the
replacement without causing the traffic to be prioritized to whatever the
chip defaults to. The warning is issued in response to adding the new
priority, and then no warning is shown when the old priority is removed.
The upshot is that the canonical way to change traffic prioritization
always produces a warning about ignoring the new priority, but what gets
configured is in fact what the user intended.
An option to just emit warning every time that the prioritization changes
just to make it clear that it happened is obviously unsatisfactory.
Therefore, in this patch, remove the warnings.
Reported-by: Maksym Yaremchuk <maksymy@nvidia.com>
Signed-off-by: Petr Machata <petrm@nvidia.com>
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/mellanox/mlxsw/spectrum_dcb.c | 13 -------------
1 file changed, 13 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlxsw/spectrum_dcb.c b/drivers/net/ethernet/mellanox/mlxsw/spectrum_dcb.c
index 5f92b1691360..aff6d4f35cd2 100644
--- a/drivers/net/ethernet/mellanox/mlxsw/spectrum_dcb.c
+++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum_dcb.c
@@ -168,8 +168,6 @@ static int mlxsw_sp_dcbnl_ieee_setets(struct net_device *dev,
static int mlxsw_sp_dcbnl_app_validate(struct net_device *dev,
struct dcb_app *app)
{
- int prio;
-
if (app->priority >= IEEE_8021QAZ_MAX_TCS) {
netdev_err(dev, "APP entry with priority value %u is invalid\n",
app->priority);
@@ -183,17 +181,6 @@ static int mlxsw_sp_dcbnl_app_validate(struct net_device *dev,
app->protocol);
return -EINVAL;
}
-
- /* Warn about any DSCP APP entries with the same PID. */
- prio = fls(dcb_ieee_getapp_mask(dev, app));
- if (prio--) {
- if (prio < app->priority)
- netdev_warn(dev, "Choosing priority %d for DSCP %d in favor of previously-active value of %d\n",
- app->priority, app->protocol, prio);
- else if (prio > app->priority)
- netdev_warn(dev, "Ignoring new priority %d for DSCP %d in favor of current value of %d\n",
- app->priority, app->protocol, prio);
- }
break;
case IEEE_8021QAZ_APP_SEL_ETHERTYPE:
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 064/452] mlxsw: Treat LLDP packets as control
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (62 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 063/452] mlxsw: spectrum_dcb: Do not warn about priority changes Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 065/452] drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo Greg Kroah-Hartman
` (393 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maksym Yaremchuk, Petr Machata,
Ido Schimmel, David S. Miller, Sasha Levin
From: Petr Machata <petrm@nvidia.com>
[ Upstream commit 0106668cd2f91bf913fb78972840dedfba80a3c3 ]
When trapping packets for on-CPU processing, Spectrum machines
differentiate between control and non-control traps. Traffic trapped
through non-control traps is treated as data and kept in shared buffer in
pools 0-4. Traffic trapped through control traps is kept in the dedicated
control buffer 9. The advantage of marking traps as control is that
pressure in the data plane does not prevent the control traffic to be
processed.
When the LLDP trap was introduced, it was marked as a control trap. But
then in commit aed4b5721143 ("mlxsw: spectrum: PTP: Hook into packet
receive path"), PTP traps were introduced. Because Ethernet-encapsulated
PTP packets look to the Spectrum-1 ASIC as LLDP traffic and are trapped
under the LLDP trap, this trap was reconfigured as non-control, in sync
with the PTP traps.
There is however no requirement that PTP traffic be handled as data.
Besides, the usual encapsulation for PTP traffic is UDP, not bare Ethernet,
and that is in deployments that even need PTP, which is far less common
than LLDP. This is reflected by the default policer, which was not bumped
up to the 19Kpps / 24Kpps that is the expected load of a PTP-enabled
Spectrum-1 switch.
Marking of LLDP trap as non-control was therefore probably misguided. In
this patch, change it back to control.
Reported-by: Maksym Yaremchuk <maksymy@nvidia.com>
Signed-off-by: Petr Machata <petrm@nvidia.com>
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/mellanox/mlxsw/spectrum_trap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/mellanox/mlxsw/spectrum_trap.c b/drivers/net/ethernet/mellanox/mlxsw/spectrum_trap.c
index 433f14ade464..02ba6aa01105 100644
--- a/drivers/net/ethernet/mellanox/mlxsw/spectrum_trap.c
+++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum_trap.c
@@ -709,7 +709,7 @@ static const struct mlxsw_sp_trap_item mlxsw_sp_trap_items_arr[] = {
.trap = MLXSW_SP_TRAP_CONTROL(LLDP, LLDP, TRAP),
.listeners_arr = {
MLXSW_RXL(mlxsw_sp_rx_ptp_listener, LLDP, TRAP_TO_CPU,
- false, SP_LLDP, DISCARD),
+ true, SP_LLDP, DISCARD),
},
},
{
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 065/452] drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (63 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 064/452] mlxsw: Treat LLDP packets as control Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 17:33 ` Deucher, Alexander
2022-06-07 16:58 ` [PATCH 5.10 066/452] HID: bigben: fix slab-out-of-bounds Write in bigben_probe Greg Kroah-Hartman
` (392 subsequent siblings)
457 siblings, 1 reply; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alice Wong, Alex Deucher, Sasha Levin
From: Alice Wong <shiwei.wong@amd.com>
[ Upstream commit ab0cd4a9ae5b4679b714d8dbfedc0901fecdce9f ]
When psp_hw_init failed, it will set the load_type to AMDGPU_FW_LOAD_DIRECT.
During amdgpu_device_ip_fini, amdgpu_ucode_free_bo checks that load_type is
AMDGPU_FW_LOAD_DIRECT and skips deallocating fw_buf causing memory leak.
Remove load_type check in amdgpu_ucode_free_bo.
Signed-off-by: Alice Wong <shiwei.wong@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c
index b313ce4c3e97..30005ed8156f 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c
@@ -625,8 +625,7 @@ int amdgpu_ucode_create_bo(struct amdgpu_device *adev)
void amdgpu_ucode_free_bo(struct amdgpu_device *adev)
{
- if (adev->firmware.load_type != AMDGPU_FW_LOAD_DIRECT)
- amdgpu_bo_free_kernel(&adev->firmware.fw_buf,
+ amdgpu_bo_free_kernel(&adev->firmware.fw_buf,
&adev->firmware.fw_buf_mc,
&adev->firmware.fw_buf_ptr);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 066/452] HID: bigben: fix slab-out-of-bounds Write in bigben_probe
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (64 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 065/452] drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 067/452] ASoC: tscs454: Add endianness flag in snd_soc_component_driver Greg Kroah-Hartman
` (391 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzkaller, Dongliang Mu, Jiri Kosina,
Sasha Levin
From: Dongliang Mu <mudongliangabcd@gmail.com>
[ Upstream commit fc4ef9d5724973193bfa5ebed181dba6de3a56db ]
There is a slab-out-of-bounds Write bug in hid-bigbenff driver.
The problem is the driver assumes the device must have an input but
some malicious devices violate this assumption.
Fix this by checking hid_device's input is non-empty before its usage.
Reported-by: syzkaller <syzkaller@googlegroups.com>
Signed-off-by: Dongliang Mu <mudongliangabcd@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hid/hid-bigbenff.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/hid/hid-bigbenff.c b/drivers/hid/hid-bigbenff.c
index 74ad8bf98bfd..e8c5e3ac9fff 100644
--- a/drivers/hid/hid-bigbenff.c
+++ b/drivers/hid/hid-bigbenff.c
@@ -347,6 +347,12 @@ static int bigben_probe(struct hid_device *hid,
bigben->report = list_entry(report_list->next,
struct hid_report, list);
+ if (list_empty(&hid->inputs)) {
+ hid_err(hid, "no inputs found\n");
+ error = -ENODEV;
+ goto error_hw_stop;
+ }
+
hidinput = list_first_entry(&hid->inputs, struct hid_input, list);
set_bit(FF_RUMBLE, hidinput->input->ffbit);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 067/452] ASoC: tscs454: Add endianness flag in snd_soc_component_driver
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (65 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 066/452] HID: bigben: fix slab-out-of-bounds Write in bigben_probe Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 068/452] net: remove two BUG() from skb_checksum_help() Greg Kroah-Hartman
` (390 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Charles Keepax, Mark Brown, Sasha Levin
From: Charles Keepax <ckeepax@opensource.cirrus.com>
[ Upstream commit ff69ec96b87dccb3a29edef8cec5d4fefbbc2055 ]
The endianness flag is used on the CODEC side to specify an
ambivalence to endian, typically because it is lost over the hardware
link. This device receives audio over an I2S DAI and as such should
have endianness applied.
A fixup is also required to use the width directly rather than relying
on the format in hw_params, now both little and big endian would be
supported. It is worth noting this changes the behaviour of S24_LE to
use a word length of 24 rather than 32. This would appear to be a
correction since the fact S24_LE is stored as 32 bits should not be
presented over the bus.
Signed-off-by: Charles Keepax <ckeepax@opensource.cirrus.com>
Link: https://lore.kernel.org/r/20220504170905.332415-26-ckeepax@opensource.cirrus.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/tscs454.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/sound/soc/codecs/tscs454.c b/sound/soc/codecs/tscs454.c
index d0af16b4db2f..a6f339bb4771 100644
--- a/sound/soc/codecs/tscs454.c
+++ b/sound/soc/codecs/tscs454.c
@@ -3115,18 +3115,17 @@ static int set_aif_sample_format(struct snd_soc_component *component,
unsigned int width;
int ret;
- switch (format) {
- case SNDRV_PCM_FORMAT_S16_LE:
+ switch (snd_pcm_format_width(format)) {
+ case 16:
width = FV_WL_16;
break;
- case SNDRV_PCM_FORMAT_S20_3LE:
+ case 20:
width = FV_WL_20;
break;
- case SNDRV_PCM_FORMAT_S24_3LE:
+ case 24:
width = FV_WL_24;
break;
- case SNDRV_PCM_FORMAT_S24_LE:
- case SNDRV_PCM_FORMAT_S32_LE:
+ case 32:
width = FV_WL_32;
break;
default:
@@ -3321,6 +3320,7 @@ static const struct snd_soc_component_driver soc_component_dev_tscs454 = {
.num_dapm_routes = ARRAY_SIZE(tscs454_intercon),
.controls = tscs454_snd_controls,
.num_controls = ARRAY_SIZE(tscs454_snd_controls),
+ .endianness = 1,
};
#define TSCS454_RATES SNDRV_PCM_RATE_8000_96000
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 068/452] net: remove two BUG() from skb_checksum_help()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (66 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 067/452] ASoC: tscs454: Add endianness flag in snd_soc_component_driver Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 069/452] s390/preempt: disable __preempt_count_add() optimization for PROFILE_ALL_BRANCHES Greg Kroah-Hartman
` (389 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Dumazet, David S. Miller, Sasha Levin
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit d7ea0d9df2a6265b2b180d17ebc64b38105968fc ]
I have a syzbot report that managed to get a crash in skb_checksum_help()
If syzbot can trigger these BUG(), it makes sense to replace
them with more friendly WARN_ON_ONCE() since skb_checksum_help()
can instead return an error code.
Note that syzbot will still crash there, until real bug is fixed.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/core/dev.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/net/core/dev.c b/net/core/dev.c
index 0bab2aca07fd..af52050b0f38 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -3241,11 +3241,15 @@ int skb_checksum_help(struct sk_buff *skb)
}
offset = skb_checksum_start_offset(skb);
- BUG_ON(offset >= skb_headlen(skb));
+ ret = -EINVAL;
+ if (WARN_ON_ONCE(offset >= skb_headlen(skb)))
+ goto out;
+
csum = skb_checksum(skb, offset, skb->len - offset, 0);
offset += skb->csum_offset;
- BUG_ON(offset + sizeof(__sum16) > skb_headlen(skb));
+ if (WARN_ON_ONCE(offset + sizeof(__sum16) > skb_headlen(skb)))
+ goto out;
ret = skb_ensure_writable(skb, offset + sizeof(__sum16));
if (ret)
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 069/452] s390/preempt: disable __preempt_count_add() optimization for PROFILE_ALL_BRANCHES
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (67 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 068/452] net: remove two BUG() from skb_checksum_help() Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 070/452] perf/amd/ibs: Cascade pmu init functions return value Greg Kroah-Hartman
` (388 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thomas Richter, Sven Schnelle,
Heiko Carstens, Sasha Levin
From: Heiko Carstens <hca@linux.ibm.com>
[ Upstream commit 63678eecec57fc51b778be3da35a397931287170 ]
gcc 12 does not (always) optimize away code that should only be generated
if parameters are constant and within in a certain range. This depends on
various obscure kernel config options, however in particular
PROFILE_ALL_BRANCHES can trigger this compile error:
In function ‘__atomic_add_const’,
inlined from ‘__preempt_count_add.part.0’ at ./arch/s390/include/asm/preempt.h:50:3:
./arch/s390/include/asm/atomic_ops.h:80:9: error: impossible constraint in ‘asm’
80 | asm volatile( \
| ^~~
Workaround this by simply disabling the optimization for
PROFILE_ALL_BRANCHES, since the kernel will be so slow, that this
optimization won't matter at all.
Reported-by: Thomas Richter <tmricht@linux.ibm.com>
Reviewed-by: Sven Schnelle <svens@linux.ibm.com>
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/s390/include/asm/preempt.h | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/arch/s390/include/asm/preempt.h b/arch/s390/include/asm/preempt.h
index b5f545db461a..60e101b8460c 100644
--- a/arch/s390/include/asm/preempt.h
+++ b/arch/s390/include/asm/preempt.h
@@ -46,10 +46,17 @@ static inline bool test_preempt_need_resched(void)
static inline void __preempt_count_add(int val)
{
- if (__builtin_constant_p(val) && (val >= -128) && (val <= 127))
- __atomic_add_const(val, &S390_lowcore.preempt_count);
- else
- __atomic_add(val, &S390_lowcore.preempt_count);
+ /*
+ * With some obscure config options and CONFIG_PROFILE_ALL_BRANCHES
+ * enabled, gcc 12 fails to handle __builtin_constant_p().
+ */
+ if (!IS_ENABLED(CONFIG_PROFILE_ALL_BRANCHES)) {
+ if (__builtin_constant_p(val) && (val >= -128) && (val <= 127)) {
+ __atomic_add_const(val, &S390_lowcore.preempt_count);
+ return;
+ }
+ }
+ __atomic_add(val, &S390_lowcore.preempt_count);
}
static inline void __preempt_count_sub(int val)
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 070/452] perf/amd/ibs: Cascade pmu init functions return value
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (68 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 069/452] s390/preempt: disable __preempt_count_add() optimization for PROFILE_ALL_BRANCHES Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 071/452] spi: stm32-qspi: Fix wait_cmd timeout in APM mode Greg Kroah-Hartman
` (387 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ravi Bangoria, Peter Zijlstra (Intel),
Sasha Levin
From: Ravi Bangoria <ravi.bangoria@amd.com>
[ Upstream commit 39b2ca75eec8a33e2ffdb8aa0c4840ec3e3b472c ]
IBS pmu initialization code ignores return value provided by
callee functions. Fix it.
Signed-off-by: Ravi Bangoria <ravi.bangoria@amd.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lore.kernel.org/r/20220509044914.1473-2-ravi.bangoria@amd.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/events/amd/ibs.c | 37 +++++++++++++++++++++++++++++--------
1 file changed, 29 insertions(+), 8 deletions(-)
diff --git a/arch/x86/events/amd/ibs.c b/arch/x86/events/amd/ibs.c
index ccc9ee1971e8..780d89d2ae32 100644
--- a/arch/x86/events/amd/ibs.c
+++ b/arch/x86/events/amd/ibs.c
@@ -764,9 +764,10 @@ static __init int perf_ibs_pmu_init(struct perf_ibs *perf_ibs, char *name)
return ret;
}
-static __init void perf_event_ibs_init(void)
+static __init int perf_event_ibs_init(void)
{
struct attribute **attr = ibs_op_format_attrs;
+ int ret;
/*
* Some chips fail to reset the fetch count when it is written; instead
@@ -778,7 +779,9 @@ static __init void perf_event_ibs_init(void)
if (boot_cpu_data.x86 == 0x19 && boot_cpu_data.x86_model < 0x10)
perf_ibs_fetch.fetch_ignore_if_zero_rip = 1;
- perf_ibs_pmu_init(&perf_ibs_fetch, "ibs_fetch");
+ ret = perf_ibs_pmu_init(&perf_ibs_fetch, "ibs_fetch");
+ if (ret)
+ return ret;
if (ibs_caps & IBS_CAPS_OPCNT) {
perf_ibs_op.config_mask |= IBS_OP_CNT_CTL;
@@ -791,15 +794,35 @@ static __init void perf_event_ibs_init(void)
perf_ibs_op.cnt_mask |= IBS_OP_MAX_CNT_EXT_MASK;
}
- perf_ibs_pmu_init(&perf_ibs_op, "ibs_op");
+ ret = perf_ibs_pmu_init(&perf_ibs_op, "ibs_op");
+ if (ret)
+ goto err_op;
+
+ ret = register_nmi_handler(NMI_LOCAL, perf_ibs_nmi_handler, 0, "perf_ibs");
+ if (ret)
+ goto err_nmi;
- register_nmi_handler(NMI_LOCAL, perf_ibs_nmi_handler, 0, "perf_ibs");
pr_info("perf: AMD IBS detected (0x%08x)\n", ibs_caps);
+ return 0;
+
+err_nmi:
+ perf_pmu_unregister(&perf_ibs_op.pmu);
+ free_percpu(perf_ibs_op.pcpu);
+ perf_ibs_op.pcpu = NULL;
+err_op:
+ perf_pmu_unregister(&perf_ibs_fetch.pmu);
+ free_percpu(perf_ibs_fetch.pcpu);
+ perf_ibs_fetch.pcpu = NULL;
+
+ return ret;
}
#else /* defined(CONFIG_PERF_EVENTS) && defined(CONFIG_CPU_SUP_AMD) */
-static __init void perf_event_ibs_init(void) { }
+static __init int perf_event_ibs_init(void)
+{
+ return 0;
+}
#endif
@@ -1069,9 +1092,7 @@ static __init int amd_ibs_init(void)
x86_pmu_amd_ibs_starting_cpu,
x86_pmu_amd_ibs_dying_cpu);
- perf_event_ibs_init();
-
- return 0;
+ return perf_event_ibs_init();
}
/* Since we need the pci subsystem to init ibs we can't do this earlier: */
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 071/452] spi: stm32-qspi: Fix wait_cmd timeout in APM mode
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (69 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 070/452] perf/amd/ibs: Cascade pmu init functions return value Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 072/452] dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC Greg Kroah-Hartman
` (386 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Patrice Chotard, eberhard.stoll,
Mark Brown, Sasha Levin
From: Patrice Chotard <patrice.chotard@foss.st.com>
[ Upstream commit d83d89ea68b4726700fa87b22db075e4217e691c ]
In APM mode, TCF and TEF flags are not set. To avoid timeout in
stm32_qspi_wait_cmd(), don't check if TCF/TEF are set.
Signed-off-by: Patrice Chotard <patrice.chotard@foss.st.com>
Reported-by: eberhard.stoll@kontron.de
Link: https://lore.kernel.org/r/20220511074644.558874-2-patrice.chotard@foss.st.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-stm32-qspi.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/spi/spi-stm32-qspi.c b/drivers/spi/spi-stm32-qspi.c
index 4f24f6392212..9c58dcd7b324 100644
--- a/drivers/spi/spi-stm32-qspi.c
+++ b/drivers/spi/spi-stm32-qspi.c
@@ -295,7 +295,8 @@ static int stm32_qspi_wait_cmd(struct stm32_qspi *qspi,
if (!op->data.nbytes)
goto wait_nobusy;
- if (readl_relaxed(qspi->io_base + QSPI_SR) & SR_TCF)
+ if ((readl_relaxed(qspi->io_base + QSPI_SR) & SR_TCF) ||
+ qspi->fmode == CCR_FMODE_APM)
goto out;
reinit_completion(&qspi->data_completion);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 072/452] dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (70 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 071/452] spi: stm32-qspi: Fix wait_cmd timeout in APM mode Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 073/452] ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default Greg Kroah-Hartman
` (385 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mikulas Patocka, Christoph Hellwig,
Sasha Levin
From: Mikulas Patocka <mpatocka@redhat.com>
[ Upstream commit 84bc4f1dbbbb5f8aa68706a96711dccb28b518e5 ]
We observed the error "cacheline tracking ENOMEM, dma-debug disabled"
during a light system load (copying some files). The reason for this error
is that the dma_active_cacheline radix tree uses GFP_NOWAIT allocation -
so it can't access the emergency memory reserves and it fails as soon as
anybody reaches the watermark.
This patch changes GFP_NOWAIT to GFP_ATOMIC, so that it can access the
emergency memory reserves.
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/dma/debug.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/dma/debug.c b/kernel/dma/debug.c
index f8ae54679865..ee7da1f2462f 100644
--- a/kernel/dma/debug.c
+++ b/kernel/dma/debug.c
@@ -448,7 +448,7 @@ void debug_dma_dump_mappings(struct device *dev)
* other hand, consumes a single dma_debug_entry, but inserts 'nents'
* entries into the tree.
*/
-static RADIX_TREE(dma_active_cacheline, GFP_NOWAIT);
+static RADIX_TREE(dma_active_cacheline, GFP_ATOMIC);
static DEFINE_SPINLOCK(radix_lock);
#define ACTIVE_CACHELINE_MAX_OVERLAP ((1 << RADIX_TREE_MAX_TAGS) - 1)
#define CACHELINE_PER_PAGE_SHIFT (PAGE_SHIFT - L1_CACHE_SHIFT)
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 073/452] ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (71 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 072/452] dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 074/452] ipmi:ssif: Check for NULL msg when handling events and messages Greg Kroah-Hartman
` (384 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jian-Hong Pan, Mario Limonciello,
Rafael J. Wysocki, Sasha Levin
From: Mario Limonciello <mario.limonciello@amd.com>
[ Upstream commit d52848620de00cde4a3a5df908e231b8c8868250 ]
ASUS B1400CEAE fails to resume from suspend to idle by default. This was
bisected back to commit df4f9bc4fb9c ("nvme-pci: add support for ACPI
StorageD3Enable property") but this is a red herring to the problem.
Before this commit the system wasn't getting into deepest sleep state.
Presumably this commit is allowing entry into deepest sleep state as
advertised by firmware, but there are some other problems related to
the wakeup.
As it is confirmed the system works properly with S3, set the default for
this system to S3.
Reported-by: Jian-Hong Pan <jhp@endlessos.org>
Link: https://bugzilla.kernel.org/show_bug.cgi?id=215742
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Tested-by: Jian-Hong Pan <jhp@endlessos.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/acpi/sleep.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/drivers/acpi/sleep.c b/drivers/acpi/sleep.c
index 503935b1deeb..cfda5720de02 100644
--- a/drivers/acpi/sleep.c
+++ b/drivers/acpi/sleep.c
@@ -377,6 +377,18 @@ static const struct dmi_system_id acpisleep_dmi_table[] __initconst = {
DMI_MATCH(DMI_PRODUCT_NAME, "20GGA00L00"),
},
},
+ /*
+ * ASUS B1400CEAE hangs on resume from suspend (see
+ * https://bugzilla.kernel.org/show_bug.cgi?id=215742).
+ */
+ {
+ .callback = init_default_s3,
+ .ident = "ASUS B1400CEAE",
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."),
+ DMI_MATCH(DMI_PRODUCT_NAME, "ASUS EXPERTBOOK B1400CEAE"),
+ },
+ },
{},
};
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 074/452] ipmi:ssif: Check for NULL msg when handling events and messages
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (72 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 073/452] ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 075/452] ipmi: Fix pr_fmt to avoid compilation issues Greg Kroah-Hartman
` (383 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Haowen Bai, Corey Minyard, Sasha Levin
From: Corey Minyard <cminyard@mvista.com>
[ Upstream commit 7602b957e2404e5f98d9a40b68f1fd27f0028712 ]
Even though it's not possible to get into the SSIF_GETTING_MESSAGES and
SSIF_GETTING_EVENTS states without a valid message in the msg field,
it's probably best to be defensive here and check and print a log, since
that means something else went wrong.
Also add a default clause to that switch statement to release the lock
and print a log, in case the state variable gets messed up somehow.
Reported-by: Haowen Bai <baihaowen@meizu.com>
Signed-off-by: Corey Minyard <cminyard@mvista.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/char/ipmi/ipmi_ssif.c | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
diff --git a/drivers/char/ipmi/ipmi_ssif.c b/drivers/char/ipmi/ipmi_ssif.c
index 3de679723648..477139749513 100644
--- a/drivers/char/ipmi/ipmi_ssif.c
+++ b/drivers/char/ipmi/ipmi_ssif.c
@@ -840,6 +840,14 @@ static void msg_done_handler(struct ssif_info *ssif_info, int result,
break;
case SSIF_GETTING_EVENTS:
+ if (!msg) {
+ /* Should never happen, but just in case. */
+ dev_warn(&ssif_info->client->dev,
+ "No message set while getting events\n");
+ ipmi_ssif_unlock_cond(ssif_info, flags);
+ break;
+ }
+
if ((result < 0) || (len < 3) || (msg->rsp[2] != 0)) {
/* Error getting event, probably done. */
msg->done(msg);
@@ -864,6 +872,14 @@ static void msg_done_handler(struct ssif_info *ssif_info, int result,
break;
case SSIF_GETTING_MESSAGES:
+ if (!msg) {
+ /* Should never happen, but just in case. */
+ dev_warn(&ssif_info->client->dev,
+ "No message set while getting messages\n");
+ ipmi_ssif_unlock_cond(ssif_info, flags);
+ break;
+ }
+
if ((result < 0) || (len < 3) || (msg->rsp[2] != 0)) {
/* Error getting event, probably done. */
msg->done(msg);
@@ -887,6 +903,13 @@ static void msg_done_handler(struct ssif_info *ssif_info, int result,
deliver_recv_msg(ssif_info, msg);
}
break;
+
+ default:
+ /* Should never happen, but just in case. */
+ dev_warn(&ssif_info->client->dev,
+ "Invalid state in message done handling: %d\n",
+ ssif_info->ssif_state);
+ ipmi_ssif_unlock_cond(ssif_info, flags);
}
flags = ipmi_ssif_lock_cond(ssif_info, &oflags);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 075/452] ipmi: Fix pr_fmt to avoid compilation issues
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (73 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 074/452] ipmi:ssif: Check for NULL msg when handling events and messages Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 076/452] rtlwifi: Use pr_warn instead of WARN_ONCE Greg Kroah-Hartman
` (382 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Corey Minyard,
Sasha Levin
From: Corey Minyard <cminyard@mvista.com>
[ Upstream commit 2ebaf18a0b7fb764bba6c806af99fe868cee93de ]
The was it was wouldn't work in some situations, simplify it. What was
there was unnecessary complexity.
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Corey Minyard <cminyard@mvista.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/char/ipmi/ipmi_msghandler.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/char/ipmi/ipmi_msghandler.c b/drivers/char/ipmi/ipmi_msghandler.c
index 8f147274f826..05e7339752ac 100644
--- a/drivers/char/ipmi/ipmi_msghandler.c
+++ b/drivers/char/ipmi/ipmi_msghandler.c
@@ -11,8 +11,8 @@
* Copyright 2002 MontaVista Software Inc.
*/
-#define pr_fmt(fmt) "%s" fmt, "IPMI message handler: "
-#define dev_fmt pr_fmt
+#define pr_fmt(fmt) "IPMI message handler: " fmt
+#define dev_fmt(fmt) pr_fmt(fmt)
#include <linux/module.h>
#include <linux/errno.h>
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 076/452] rtlwifi: Use pr_warn instead of WARN_ONCE
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (74 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 075/452] ipmi: Fix pr_fmt to avoid compilation issues Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 077/452] media: rga: fix possible memory leak in rga_probe Greg Kroah-Hartman
` (381 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzkaller, Dongliang Mu, Kalle Valo,
Sasha Levin
From: Dongliang Mu <mudongliangabcd@gmail.com>
[ Upstream commit ad732da434a2936128769216eddaece3b1af4588 ]
This memory allocation failure can be triggered by fault injection or
high pressure testing, resulting a WARN.
Fix this by replacing WARN with pr_warn.
Reported-by: syzkaller <syzkaller@googlegroups.com>
Signed-off-by: Dongliang Mu <mudongliangabcd@gmail.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220511014453.1621366-1-dzm91@hust.edu.cn
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/realtek/rtlwifi/usb.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/realtek/rtlwifi/usb.c b/drivers/net/wireless/realtek/rtlwifi/usb.c
index 06e073defad6..c6e4fda7e431 100644
--- a/drivers/net/wireless/realtek/rtlwifi/usb.c
+++ b/drivers/net/wireless/realtek/rtlwifi/usb.c
@@ -1015,7 +1015,7 @@ int rtl_usb_probe(struct usb_interface *intf,
hw = ieee80211_alloc_hw(sizeof(struct rtl_priv) +
sizeof(struct rtl_usb_priv), &rtl_ops);
if (!hw) {
- WARN_ONCE(true, "rtl_usb: ieee80211 alloc failed\n");
+ pr_warn("rtl_usb: ieee80211 alloc failed\n");
return -ENOMEM;
}
rtlpriv = hw->priv;
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 077/452] media: rga: fix possible memory leak in rga_probe
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (75 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 076/452] rtlwifi: Use pr_warn instead of WARN_ONCE Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 078/452] media: coda: limit frame interval enumeration to supported encoder frame sizes Greg Kroah-Hartman
` (380 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hangyu Hua, Hans Verkuil,
Mauro Carvalho Chehab, Sasha Levin
From: Hangyu Hua <hbh25y@gmail.com>
[ Upstream commit a71eb6025305192e646040cd76ccacb5bd48a1b5 ]
rga->m2m_dev needs to be freed when rga_probe fails.
Signed-off-by: Hangyu Hua <hbh25y@gmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/rockchip/rga/rga.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/media/platform/rockchip/rga/rga.c b/drivers/media/platform/rockchip/rga/rga.c
index d99ea8973b67..e3246344fb72 100644
--- a/drivers/media/platform/rockchip/rga/rga.c
+++ b/drivers/media/platform/rockchip/rga/rga.c
@@ -868,7 +868,7 @@ static int rga_probe(struct platform_device *pdev)
ret = pm_runtime_resume_and_get(rga->dev);
if (ret < 0)
- goto rel_vdev;
+ goto rel_m2m;
rga->version.major = (rga_read(rga, RGA_VERSION_INFO) >> 24) & 0xFF;
rga->version.minor = (rga_read(rga, RGA_VERSION_INFO) >> 20) & 0x0F;
@@ -884,7 +884,7 @@ static int rga_probe(struct platform_device *pdev)
DMA_ATTR_WRITE_COMBINE);
if (!rga->cmdbuf_virt) {
ret = -ENOMEM;
- goto rel_vdev;
+ goto rel_m2m;
}
rga->src_mmu_pages =
@@ -921,6 +921,8 @@ static int rga_probe(struct platform_device *pdev)
free_dma:
dma_free_attrs(rga->dev, RGA_CMDBUF_SIZE, rga->cmdbuf_virt,
rga->cmdbuf_phy, DMA_ATTR_WRITE_COMBINE);
+rel_m2m:
+ v4l2_m2m_release(rga->m2m_dev);
rel_vdev:
video_device_release(vfd);
unreg_v4l2_dev:
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 078/452] media: coda: limit frame interval enumeration to supported encoder frame sizes
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (76 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 077/452] media: rga: fix possible memory leak in rga_probe Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 079/452] media: imon: reorganize serialization Greg Kroah-Hartman
` (379 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Philipp Zabel, Hans Verkuil,
Mauro Carvalho Chehab, Sasha Levin
From: Philipp Zabel <p.zabel@pengutronix.de>
[ Upstream commit 67e33dd957880879e785cfea83a3aa24bd5c5577 ]
Let VIDIOC_ENUM_FRAMEINTERVALS return -EINVAL if userspace queries
frame intervals for frame sizes unsupported by the encoder. Fixes the
following v4l2-compliance failure:
fail: v4l2-test-formats.cpp(123): found frame intervals for invalid size 47x16
fail: v4l2-test-formats.cpp(282): node->codec_mask & STATEFUL_ENCODER
test VIDIOC_ENUM_FMT/FRAMESIZES/FRAMEINTERVALS: FAIL
[hverkuil: drop incorrect 'For decoder devices, return -ENOTTY.' in the commit log]
Signed-off-by: Philipp Zabel <p.zabel@pengutronix.de>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/coda/coda-common.c | 20 ++++++++++++++------
1 file changed, 14 insertions(+), 6 deletions(-)
diff --git a/drivers/media/platform/coda/coda-common.c b/drivers/media/platform/coda/coda-common.c
index 2333079a83c7..99f6d22e0c3c 100644
--- a/drivers/media/platform/coda/coda-common.c
+++ b/drivers/media/platform/coda/coda-common.c
@@ -1318,7 +1318,8 @@ static int coda_enum_frameintervals(struct file *file, void *fh,
struct v4l2_frmivalenum *f)
{
struct coda_ctx *ctx = fh_to_ctx(fh);
- int i;
+ struct coda_q_data *q_data;
+ const struct coda_codec *codec;
if (f->index)
return -EINVAL;
@@ -1327,12 +1328,19 @@ static int coda_enum_frameintervals(struct file *file, void *fh,
if (!ctx->vdoa && f->pixel_format == V4L2_PIX_FMT_YUYV)
return -EINVAL;
- for (i = 0; i < CODA_MAX_FORMATS; i++) {
- if (f->pixel_format == ctx->cvd->src_formats[i] ||
- f->pixel_format == ctx->cvd->dst_formats[i])
- break;
+ if (coda_format_normalize_yuv(f->pixel_format) == V4L2_PIX_FMT_YUV420) {
+ q_data = get_q_data(ctx, V4L2_BUF_TYPE_VIDEO_CAPTURE);
+ codec = coda_find_codec(ctx->dev, f->pixel_format,
+ q_data->fourcc);
+ } else {
+ codec = coda_find_codec(ctx->dev, V4L2_PIX_FMT_YUV420,
+ f->pixel_format);
}
- if (i == CODA_MAX_FORMATS)
+ if (!codec)
+ return -EINVAL;
+
+ if (f->width < MIN_W || f->width > codec->max_w ||
+ f->height < MIN_H || f->height > codec->max_h)
return -EINVAL;
f->type = V4L2_FRMIVAL_TYPE_CONTINUOUS;
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 079/452] media: imon: reorganize serialization
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (77 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 078/452] media: coda: limit frame interval enumeration to supported encoder frame sizes Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 080/452] media: cec-adap.c: fix is_configuring state Greg Kroah-Hartman
` (378 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot, Tetsuo Handa, Alan Stern,
Sean Young, Mauro Carvalho Chehab, Sasha Levin
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
[ Upstream commit db264d4c66c0fe007b5d19fd007707cd0697603d ]
Since usb_register_dev() from imon_init_display() from imon_probe() holds
minor_rwsem while display_open() which holds driver_lock and ictx->lock is
called with minor_rwsem held from usb_open(), holding driver_lock or
ictx->lock when calling usb_register_dev() causes circular locking
dependency problem.
Since usb_deregister_dev() from imon_disconnect() holds minor_rwsem while
display_open() which holds driver_lock is called with minor_rwsem held,
holding driver_lock when calling usb_deregister_dev() also causes circular
locking dependency problem.
Sean Young explained that the problem is there are imon devices which have
two usb interfaces, even though it is one device. The probe and disconnect
function of both usb interfaces can run concurrently.
Alan Stern responded that the driver and USB cores guarantee that when an
interface is probed, both the interface and its USB device are locked.
Ditto for when the disconnect callback gets run. So concurrent probing/
disconnection of multiple interfaces on the same device is not possible.
Therefore, we don't need locks for handling race between imon_probe() and
imon_disconnect(). But we still need to handle race between display_open()
/vfd_write()/lcd_write()/display_close() and imon_disconnect(), for
disconnect event can happen while file descriptors are in use.
Since "struct file"->private_data is set by display_open(), vfd_write()/
lcd_write()/display_close() can assume that "struct file"->private_data
is not NULL even after usb_set_intfdata(interface, NULL) was called.
Replace insufficiently held driver_lock with refcount_t based management.
Add a boolean flag for recording whether imon_disconnect() was already
called. Use RCU for accessing this boolean flag and refcount_t.
Since the boolean flag for imon_disconnect() is shared, disconnect event
on either intf0 or intf1 affects both interfaces. But I assume that this
change does not matter, for usually disconnect event would not happen
while interfaces are in use.
Link: https://syzkaller.appspot.com/bug?extid=c558267ad910fc494497
Reported-by: syzbot <syzbot+c558267ad910fc494497@syzkaller.appspotmail.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Tested-by: syzbot <syzbot+c558267ad910fc494497@syzkaller.appspotmail.com>
Cc: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Sean Young <sean@mess.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/rc/imon.c | 99 +++++++++++++++++++----------------------
1 file changed, 47 insertions(+), 52 deletions(-)
diff --git a/drivers/media/rc/imon.c b/drivers/media/rc/imon.c
index a7962ca2ac8e..bc9ac6002e25 100644
--- a/drivers/media/rc/imon.c
+++ b/drivers/media/rc/imon.c
@@ -153,6 +153,24 @@ struct imon_context {
const struct imon_usb_dev_descr *dev_descr;
/* device description with key */
/* table for front panels */
+ /*
+ * Fields for deferring free_imon_context().
+ *
+ * Since reference to "struct imon_context" is stored into
+ * "struct file"->private_data, we need to remember
+ * how many file descriptors might access this "struct imon_context".
+ */
+ refcount_t users;
+ /*
+ * Use a flag for telling display_open()/vfd_write()/lcd_write() that
+ * imon_disconnect() was already called.
+ */
+ bool disconnected;
+ /*
+ * We need to wait for RCU grace period in order to allow
+ * display_open() to safely check ->disconnected and increment ->users.
+ */
+ struct rcu_head rcu;
};
#define TOUCH_TIMEOUT (HZ/30)
@@ -160,18 +178,18 @@ struct imon_context {
/* vfd character device file operations */
static const struct file_operations vfd_fops = {
.owner = THIS_MODULE,
- .open = &display_open,
- .write = &vfd_write,
- .release = &display_close,
+ .open = display_open,
+ .write = vfd_write,
+ .release = display_close,
.llseek = noop_llseek,
};
/* lcd character device file operations */
static const struct file_operations lcd_fops = {
.owner = THIS_MODULE,
- .open = &display_open,
- .write = &lcd_write,
- .release = &display_close,
+ .open = display_open,
+ .write = lcd_write,
+ .release = display_close,
.llseek = noop_llseek,
};
@@ -439,9 +457,6 @@ static struct usb_driver imon_driver = {
.id_table = imon_usb_id_table,
};
-/* to prevent races between open() and disconnect(), probing, etc */
-static DEFINE_MUTEX(driver_lock);
-
/* Module bookkeeping bits */
MODULE_AUTHOR(MOD_AUTHOR);
MODULE_DESCRIPTION(MOD_DESC);
@@ -481,9 +496,11 @@ static void free_imon_context(struct imon_context *ictx)
struct device *dev = ictx->dev;
usb_free_urb(ictx->tx_urb);
+ WARN_ON(ictx->dev_present_intf0);
usb_free_urb(ictx->rx_urb_intf0);
+ WARN_ON(ictx->dev_present_intf1);
usb_free_urb(ictx->rx_urb_intf1);
- kfree(ictx);
+ kfree_rcu(ictx, rcu);
dev_dbg(dev, "%s: iMON context freed\n", __func__);
}
@@ -499,9 +516,6 @@ static int display_open(struct inode *inode, struct file *file)
int subminor;
int retval = 0;
- /* prevent races with disconnect */
- mutex_lock(&driver_lock);
-
subminor = iminor(inode);
interface = usb_find_interface(&imon_driver, subminor);
if (!interface) {
@@ -509,13 +523,16 @@ static int display_open(struct inode *inode, struct file *file)
retval = -ENODEV;
goto exit;
}
- ictx = usb_get_intfdata(interface);
- if (!ictx) {
+ rcu_read_lock();
+ ictx = usb_get_intfdata(interface);
+ if (!ictx || ictx->disconnected || !refcount_inc_not_zero(&ictx->users)) {
+ rcu_read_unlock();
pr_err("no context found for minor %d\n", subminor);
retval = -ENODEV;
goto exit;
}
+ rcu_read_unlock();
mutex_lock(&ictx->lock);
@@ -533,8 +550,10 @@ static int display_open(struct inode *inode, struct file *file)
mutex_unlock(&ictx->lock);
+ if (retval && refcount_dec_and_test(&ictx->users))
+ free_imon_context(ictx);
+
exit:
- mutex_unlock(&driver_lock);
return retval;
}
@@ -544,16 +563,9 @@ static int display_open(struct inode *inode, struct file *file)
*/
static int display_close(struct inode *inode, struct file *file)
{
- struct imon_context *ictx = NULL;
+ struct imon_context *ictx = file->private_data;
int retval = 0;
- ictx = file->private_data;
-
- if (!ictx) {
- pr_err("no context for device\n");
- return -ENODEV;
- }
-
mutex_lock(&ictx->lock);
if (!ictx->display_supported) {
@@ -568,6 +580,8 @@ static int display_close(struct inode *inode, struct file *file)
}
mutex_unlock(&ictx->lock);
+ if (refcount_dec_and_test(&ictx->users))
+ free_imon_context(ictx);
return retval;
}
@@ -937,15 +951,12 @@ static ssize_t vfd_write(struct file *file, const char __user *buf,
int offset;
int seq;
int retval = 0;
- struct imon_context *ictx;
+ struct imon_context *ictx = file->private_data;
static const unsigned char vfd_packet6[] = {
0x01, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF };
- ictx = file->private_data;
- if (!ictx) {
- pr_err_ratelimited("no context for device\n");
+ if (ictx->disconnected)
return -ENODEV;
- }
mutex_lock(&ictx->lock);
@@ -1021,13 +1032,10 @@ static ssize_t lcd_write(struct file *file, const char __user *buf,
size_t n_bytes, loff_t *pos)
{
int retval = 0;
- struct imon_context *ictx;
+ struct imon_context *ictx = file->private_data;
- ictx = file->private_data;
- if (!ictx) {
- pr_err_ratelimited("no context for device\n");
+ if (ictx->disconnected)
return -ENODEV;
- }
mutex_lock(&ictx->lock);
@@ -2405,7 +2413,6 @@ static int imon_probe(struct usb_interface *interface,
int ifnum, sysfs_err;
int ret = 0;
struct imon_context *ictx = NULL;
- struct imon_context *first_if_ctx = NULL;
u16 vendor, product;
usbdev = usb_get_dev(interface_to_usbdev(interface));
@@ -2417,17 +2424,12 @@ static int imon_probe(struct usb_interface *interface,
dev_dbg(dev, "%s: found iMON device (%04x:%04x, intf%d)\n",
__func__, vendor, product, ifnum);
- /* prevent races probing devices w/multiple interfaces */
- mutex_lock(&driver_lock);
-
first_if = usb_ifnum_to_if(usbdev, 0);
if (!first_if) {
ret = -ENODEV;
goto fail;
}
- first_if_ctx = usb_get_intfdata(first_if);
-
if (ifnum == 0) {
ictx = imon_init_intf0(interface, id);
if (!ictx) {
@@ -2435,9 +2437,11 @@ static int imon_probe(struct usb_interface *interface,
ret = -ENODEV;
goto fail;
}
+ refcount_set(&ictx->users, 1);
} else {
/* this is the secondary interface on the device */
+ struct imon_context *first_if_ctx = usb_get_intfdata(first_if);
/* fail early if first intf failed to register */
if (!first_if_ctx) {
@@ -2451,14 +2455,13 @@ static int imon_probe(struct usb_interface *interface,
ret = -ENODEV;
goto fail;
}
+ refcount_inc(&ictx->users);
}
usb_set_intfdata(interface, ictx);
if (ifnum == 0) {
- mutex_lock(&ictx->lock);
-
if (product == 0xffdc && ictx->rf_device) {
sysfs_err = sysfs_create_group(&interface->dev.kobj,
&imon_rf_attr_group);
@@ -2469,21 +2472,17 @@ static int imon_probe(struct usb_interface *interface,
if (ictx->display_supported)
imon_init_display(ictx, interface);
-
- mutex_unlock(&ictx->lock);
}
dev_info(dev, "iMON device (%04x:%04x, intf%d) on usb<%d:%d> initialized\n",
vendor, product, ifnum,
usbdev->bus->busnum, usbdev->devnum);
- mutex_unlock(&driver_lock);
usb_put_dev(usbdev);
return 0;
fail:
- mutex_unlock(&driver_lock);
usb_put_dev(usbdev);
dev_err(dev, "unable to register, err %d\n", ret);
@@ -2499,10 +2498,8 @@ static void imon_disconnect(struct usb_interface *interface)
struct device *dev;
int ifnum;
- /* prevent races with multi-interface device probing and display_open */
- mutex_lock(&driver_lock);
-
ictx = usb_get_intfdata(interface);
+ ictx->disconnected = true;
dev = ictx->dev;
ifnum = interface->cur_altsetting->desc.bInterfaceNumber;
@@ -2543,11 +2540,9 @@ static void imon_disconnect(struct usb_interface *interface)
}
}
- if (!ictx->dev_present_intf0 && !ictx->dev_present_intf1)
+ if (refcount_dec_and_test(&ictx->users))
free_imon_context(ictx);
- mutex_unlock(&driver_lock);
-
dev_dbg(dev, "%s: iMON device (intf%d) disconnected\n",
__func__, ifnum);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 080/452] media: cec-adap.c: fix is_configuring state
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (78 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 079/452] media: imon: reorganize serialization Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 081/452] openrisc: start CPU timer early in boot Greg Kroah-Hartman
` (377 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hans Verkuil, Mauro Carvalho Chehab,
Sasha Levin
From: Hans Verkuil <hverkuil-cisco@xs4all.nl>
[ Upstream commit 59267fc34f4900dcd2ec3295f6be04b79aee2186 ]
If an adapter is trying to claim a free logical address then it is
in the 'is_configuring' state. If during that process the cable is
disconnected (HPD goes low, which in turn invalidates the physical
address), then cec_adap_unconfigure() is called, and that set the
is_configuring boolean to false, even though the thread that's
trying to claim an LA is still running.
Don't touch the is_configuring bool in cec_adap_unconfigure(), it
will eventually be cleared by the thread. By making that change
the cec_config_log_addr() function also had to change: it was
aborting if is_configuring became false (since that is what
cec_adap_unconfigure() did), but that no longer works. Instead
check if the physical address is invalid. That is a much
more appropriate check anyway.
This fixes a bug where the the adapter could be disabled even
though the device was still configuring. This could cause POLL
transmits to time out.
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/cec/core/cec-adap.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/media/cec/core/cec-adap.c b/drivers/media/cec/core/cec-adap.c
index 2e5698fbc3a8..e23aa608f66f 100644
--- a/drivers/media/cec/core/cec-adap.c
+++ b/drivers/media/cec/core/cec-adap.c
@@ -1271,7 +1271,7 @@ static int cec_config_log_addr(struct cec_adapter *adap,
* While trying to poll the physical address was reset
* and the adapter was unconfigured, so bail out.
*/
- if (!adap->is_configuring)
+ if (adap->phys_addr == CEC_PHYS_ADDR_INVALID)
return -EINTR;
if (err)
@@ -1328,7 +1328,6 @@ static void cec_adap_unconfigure(struct cec_adapter *adap)
adap->phys_addr != CEC_PHYS_ADDR_INVALID)
WARN_ON(adap->ops->adap_log_addr(adap, CEC_LOG_ADDR_INVALID));
adap->log_addrs.log_addr_mask = 0;
- adap->is_configuring = false;
adap->is_configured = false;
cec_flush(adap);
wake_up_interruptible(&adap->kthread_waitq);
@@ -1520,9 +1519,10 @@ static int cec_config_thread_func(void *arg)
for (i = 0; i < las->num_log_addrs; i++)
las->log_addr[i] = CEC_LOG_ADDR_INVALID;
cec_adap_unconfigure(adap);
+ adap->is_configuring = false;
adap->kthread_config = NULL;
- mutex_unlock(&adap->lock);
complete(&adap->config_completion);
+ mutex_unlock(&adap->lock);
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 081/452] openrisc: start CPU timer early in boot
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (79 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 080/452] media: cec-adap.c: fix is_configuring state Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 082/452] nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags Greg Kroah-Hartman
` (376 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thomas Gleixner, Arnd Bergmann,
Jonas Bonn, Stefan Kristiansson, Stafford Horne, Guenter Roeck,
Jason A. Donenfeld, Sasha Levin
From: Jason A. Donenfeld <Jason@zx2c4.com>
[ Upstream commit 516dd4aacd67a0f27da94f3fe63fe0f4dbab6e2b ]
In order to measure the boot process, the timer should be switched on as
early in boot as possible. As well, the commit defines the get_cycles
macro, like the previous patches in this series, so that generic code is
aware that it's implemented by the platform, as is done on other archs.
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Jonas Bonn <jonas@southpole.se>
Cc: Stefan Kristiansson <stefan.kristiansson@saunalahti.fi>
Acked-by: Stafford Horne <shorne@gmail.com>
Reported-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/openrisc/include/asm/timex.h | 1 +
arch/openrisc/kernel/head.S | 9 +++++++++
2 files changed, 10 insertions(+)
diff --git a/arch/openrisc/include/asm/timex.h b/arch/openrisc/include/asm/timex.h
index d52b4e536e3f..5487fa93dd9b 100644
--- a/arch/openrisc/include/asm/timex.h
+++ b/arch/openrisc/include/asm/timex.h
@@ -23,6 +23,7 @@ static inline cycles_t get_cycles(void)
{
return mfspr(SPR_TTCR);
}
+#define get_cycles get_cycles
/* This isn't really used any more */
#define CLOCK_TICK_RATE 1000
diff --git a/arch/openrisc/kernel/head.S b/arch/openrisc/kernel/head.S
index af355e3f4619..459b0a1e4eb2 100644
--- a/arch/openrisc/kernel/head.S
+++ b/arch/openrisc/kernel/head.S
@@ -521,6 +521,15 @@ _start:
l.ori r3,r0,0x1
l.mtspr r0,r3,SPR_SR
+ /*
+ * Start the TTCR as early as possible, so that the RNG can make use of
+ * measurements of boot time from the earliest opportunity. Especially
+ * important is that the TTCR does not return zero by the time we reach
+ * rand_initialize().
+ */
+ l.movhi r3,hi(SPR_TTMR_CR)
+ l.mtspr r0,r3,SPR_TTMR
+
CLEAR_GPR(r1)
CLEAR_GPR(r2)
CLEAR_GPR(r3)
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 082/452] nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (80 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 081/452] openrisc: start CPU timer early in boot Greg Kroah-Hartman
@ 2022-06-07 16:58 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 083/452] ASoC: rt5645: Fix errorenous cleanup order Greg Kroah-Hartman
` (375 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:58 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kyle Smith, Chaitanya Kulkarni,
Hannes Reinecke, Christoph Hellwig, Sasha Levin
From: Smith, Kyle Miller (Nimble Kernel) <kyles@hpe.com>
[ Upstream commit da42761181627e9bdc37d18368b827948a583929 ]
In nvme_alloc_admin_tags, the admin_q can be set to an error (typically
-ENOMEM) if the blk_mq_init_queue call fails to set up the queue, which
is checked immediately after the call. However, when we return the error
message up the stack, to nvme_reset_work the error takes us to
nvme_remove_dead_ctrl()
nvme_dev_disable()
nvme_suspend_queue(&dev->queues[0]).
Here, we only check that the admin_q is non-NULL, rather than not
an error or NULL, and begin quiescing a queue that never existed, leading
to bad / NULL pointer dereference.
Signed-off-by: Kyle Smith <kyles@hpe.com>
Reviewed-by: Chaitanya Kulkarni <kch@nvidia.com>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/nvme/host/pci.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/nvme/host/pci.c b/drivers/nvme/host/pci.c
index a36db0701d17..7de24a10dd92 100644
--- a/drivers/nvme/host/pci.c
+++ b/drivers/nvme/host/pci.c
@@ -1666,6 +1666,7 @@ static int nvme_alloc_admin_tags(struct nvme_dev *dev)
dev->ctrl.admin_q = blk_mq_init_queue(&dev->admin_tagset);
if (IS_ERR(dev->ctrl.admin_q)) {
blk_mq_free_tag_set(&dev->admin_tagset);
+ dev->ctrl.admin_q = NULL;
return -ENOMEM;
}
if (!blk_get_queue(dev->ctrl.admin_q)) {
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 083/452] ASoC: rt5645: Fix errorenous cleanup order
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (81 preceding siblings ...)
2022-06-07 16:58 ` [PATCH 5.10 082/452] nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 084/452] nbd: Fix hung on disconnect request if socket is closed before Greg Kroah-Hartman
` (374 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Lin Ma, Mark Brown, Sasha Levin
From: Lin Ma <linma@zju.edu.cn>
[ Upstream commit 2def44d3aec59e38d2701c568d65540783f90f2f ]
There is a logic error when removing rt5645 device as the function
rt5645_i2c_remove() first cancel the &rt5645->jack_detect_work and
delete the &rt5645->btn_check_timer latter. However, since the timer
handler rt5645_btn_check_callback() will re-queue the jack_detect_work,
this cleanup order is buggy.
That is, once the del_timer_sync in rt5645_i2c_remove is concurrently
run with the rt5645_btn_check_callback, the canceled jack_detect_work
will be rescheduled again, leading to possible use-after-free.
This patch fix the issue by placing the del_timer_sync function before
the cancel_delayed_work_sync.
Signed-off-by: Lin Ma <linma@zju.edu.cn>
Link: https://lore.kernel.org/r/20220516092035.28283-1-linma@zju.edu.cn
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/rt5645.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/sound/soc/codecs/rt5645.c b/sound/soc/codecs/rt5645.c
index 420003d062c7..d1533e95a74f 100644
--- a/sound/soc/codecs/rt5645.c
+++ b/sound/soc/codecs/rt5645.c
@@ -4095,9 +4095,14 @@ static int rt5645_i2c_remove(struct i2c_client *i2c)
if (i2c->irq)
free_irq(i2c->irq, rt5645);
+ /*
+ * Since the rt5645_btn_check_callback() can queue jack_detect_work,
+ * the timer need to be delted first
+ */
+ del_timer_sync(&rt5645->btn_check_timer);
+
cancel_delayed_work_sync(&rt5645->jack_detect_work);
cancel_delayed_work_sync(&rt5645->rcclock_work);
- del_timer_sync(&rt5645->btn_check_timer);
regulator_bulk_disable(ARRAY_SIZE(rt5645->supplies), rt5645->supplies);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 084/452] nbd: Fix hung on disconnect request if socket is closed before
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (82 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 083/452] ASoC: rt5645: Fix errorenous cleanup order Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 085/452] net: phy: micrel: Allow probing without .driver_data Greg Kroah-Hartman
` (373 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Xu Jianhai, Xie Yongji, Josef Bacik,
Jens Axboe, Sasha Levin
From: Xie Yongji <xieyongji@bytedance.com>
[ Upstream commit 491bf8f236fdeec698fa6744993f1ecf3fafd1a5 ]
When userspace closes the socket before sending a disconnect
request, the following I/O requests will be blocked in
wait_for_reconnect() until dead timeout. This will cause the
following disconnect request also hung on blk_mq_quiesce_queue().
That means we have no way to disconnect a nbd device if there
are some I/O requests waiting for reconnecting until dead timeout.
It's not expected. So let's wake up the thread waiting for
reconnecting directly when a disconnect request is sent.
Reported-by: Xu Jianhai <zero.xu@bytedance.com>
Signed-off-by: Xie Yongji <xieyongji@bytedance.com>
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Link: https://lore.kernel.org/r/20220322080639.142-1-xieyongji@bytedance.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/block/nbd.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c
index 59c452fff835..ecde800ba210 100644
--- a/drivers/block/nbd.c
+++ b/drivers/block/nbd.c
@@ -880,11 +880,15 @@ static int wait_for_reconnect(struct nbd_device *nbd)
struct nbd_config *config = nbd->config;
if (!config->dead_conn_timeout)
return 0;
- if (test_bit(NBD_RT_DISCONNECTED, &config->runtime_flags))
+
+ if (!wait_event_timeout(config->conn_wait,
+ test_bit(NBD_RT_DISCONNECTED,
+ &config->runtime_flags) ||
+ atomic_read(&config->live_connections) > 0,
+ config->dead_conn_timeout))
return 0;
- return wait_event_timeout(config->conn_wait,
- atomic_read(&config->live_connections) > 0,
- config->dead_conn_timeout) > 0;
+
+ return !test_bit(NBD_RT_DISCONNECTED, &config->runtime_flags);
}
static int nbd_handle_cmd(struct nbd_cmd *cmd, int index)
@@ -2029,6 +2033,7 @@ static void nbd_disconnect_and_put(struct nbd_device *nbd)
mutex_lock(&nbd->config_lock);
nbd_disconnect(nbd);
sock_shutdown(nbd);
+ wake_up(&nbd->config->conn_wait);
/*
* Make sure recv thread has finished, so it does not drop the last
* config ref and try to destroy the workqueue from inside the work
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 085/452] net: phy: micrel: Allow probing without .driver_data
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (83 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 084/452] nbd: Fix hung on disconnect request if socket is closed before Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 086/452] media: exynos4-is: Fix compile warning Greg Kroah-Hartman
` (372 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Fabio Estevam, Andrew Lunn,
Jakub Kicinski, Sasha Levin
From: Fabio Estevam <festevam@denx.de>
[ Upstream commit f2ef6f7539c68c6bd6c32323d8845ee102b7c450 ]
Currently, if the .probe element is present in the phy_driver structure
and the .driver_data is not, a NULL pointer dereference happens.
Allow passing .probe without .driver_data by inserting NULL checks
for priv->type.
Signed-off-by: Fabio Estevam <festevam@denx.de>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Link: https://lore.kernel.org/r/20220513114613.762810-1-festevam@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/phy/micrel.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/drivers/net/phy/micrel.c b/drivers/net/phy/micrel.c
index 92e94ac94a34..bbbe198f83e8 100644
--- a/drivers/net/phy/micrel.c
+++ b/drivers/net/phy/micrel.c
@@ -283,7 +283,7 @@ static int kszphy_config_reset(struct phy_device *phydev)
}
}
- if (priv->led_mode >= 0)
+ if (priv->type && priv->led_mode >= 0)
kszphy_setup_led(phydev, priv->type->led_mode_reg, priv->led_mode);
return 0;
@@ -299,10 +299,10 @@ static int kszphy_config_init(struct phy_device *phydev)
type = priv->type;
- if (type->has_broadcast_disable)
+ if (type && type->has_broadcast_disable)
kszphy_broadcast_disable(phydev);
- if (type->has_nand_tree_disable)
+ if (type && type->has_nand_tree_disable)
kszphy_nand_tree_disable(phydev);
return kszphy_config_reset(phydev);
@@ -1112,7 +1112,7 @@ static int kszphy_probe(struct phy_device *phydev)
priv->type = type;
- if (type->led_mode_reg) {
+ if (type && type->led_mode_reg) {
ret = of_property_read_u32(np, "micrel,led-mode",
&priv->led_mode);
if (ret)
@@ -1133,7 +1133,8 @@ static int kszphy_probe(struct phy_device *phydev)
unsigned long rate = clk_get_rate(clk);
bool rmii_ref_clk_sel_25_mhz;
- priv->rmii_ref_clk_sel = type->has_rmii_ref_clk_sel;
+ if (type)
+ priv->rmii_ref_clk_sel = type->has_rmii_ref_clk_sel;
rmii_ref_clk_sel_25_mhz = of_property_read_bool(np,
"micrel,rmii-reference-clock-select-25-mhz");
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 086/452] media: exynos4-is: Fix compile warning
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (84 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 085/452] net: phy: micrel: Allow probing without .driver_data Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 087/452] ASoC: max98357a: remove dependency on GPIOLIB Greg Kroah-Hartman
` (371 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Kwanghoon Son,
Sakari Ailus, Mauro Carvalho Chehab, Sasha Levin
From: Kwanghoon Son <k.son@samsung.com>
[ Upstream commit e080f5c1f2b6d02c02ee5d674e0e392ccf63bbaf ]
Declare static on function 'fimc_isp_video_device_unregister'.
When VIDEO_EXYNOS4_ISP_DMA_CAPTURE=n, compiler warns about
warning: no previous prototype for function [-Wmissing-prototypes]
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Kwanghoon Son <k.son@samsung.com>
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/exynos4-is/fimc-isp-video.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/platform/exynos4-is/fimc-isp-video.h b/drivers/media/platform/exynos4-is/fimc-isp-video.h
index edcb3a5e3cb9..2dd4ddbc748a 100644
--- a/drivers/media/platform/exynos4-is/fimc-isp-video.h
+++ b/drivers/media/platform/exynos4-is/fimc-isp-video.h
@@ -32,7 +32,7 @@ static inline int fimc_isp_video_device_register(struct fimc_isp *isp,
return 0;
}
-void fimc_isp_video_device_unregister(struct fimc_isp *isp,
+static inline void fimc_isp_video_device_unregister(struct fimc_isp *isp,
enum v4l2_buf_type type)
{
}
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 087/452] ASoC: max98357a: remove dependency on GPIOLIB
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (85 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 086/452] media: exynos4-is: Fix compile warning Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 088/452] ASoC: rt1015p: " Greg Kroah-Hartman
` (370 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot,
Pierre-Louis Bossart, Péter Ujfalusi, Mark Brown,
Sasha Levin
From: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
[ Upstream commit 21ca3274333f5c1cbbf9d91e5b33f4f2463859b2 ]
commit dcc2c012c7691 ("ASoC: Fix gpiolib dependencies") removed a
series of unnecessary dependencies on GPIOLIB when the gpio was
optional.
A similar simplification seems valid for max98357a, so remove the
dependency as well. This will avoid the following warning
WARNING: unmet direct dependencies detected for SND_SOC_MAX98357A
Depends on [n]: SOUND [=y] && !UML && SND [=y] && SND_SOC [=y] && GPIOLIB [=n]
Selected by [y]:
- SND_SOC_INTEL_SOF_CS42L42_MACH [=y] && SOUND [=y] && !UML &&
SND [=y] && SND_SOC [=y] && SND_SOC_INTEL_MACH [=y] &&
(SND_SOC_SOF_HDA_LINK [=y] || SND_SOC_SOF_BAYTRAIL [=n]) && I2C
[=y] && ACPI [=y] && SND_HDA_CODEC_HDMI [=y] &&
SND_SOC_SOF_HDA_AUDIO_CODEC [=y] && (MFD_INTEL_LPSS [=y] ||
COMPILE_TEST [=n])
Reported-by: kernel test robot <yujie.liu@intel.com>
Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Reviewed-by: Péter Ujfalusi <peter.ujfalusi@linux.intel.com>
Link: https://lore.kernel.org/r/20220517172647.468244-2-pierre-louis.bossart@linux.intel.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/Kconfig | 1 -
1 file changed, 1 deletion(-)
diff --git a/sound/soc/codecs/Kconfig b/sound/soc/codecs/Kconfig
index 52c89a6f54e9..612fd7516666 100644
--- a/sound/soc/codecs/Kconfig
+++ b/sound/soc/codecs/Kconfig
@@ -857,7 +857,6 @@ config SND_SOC_MAX98095
config SND_SOC_MAX98357A
tristate "Maxim MAX98357A CODEC"
- depends on GPIOLIB
config SND_SOC_MAX98371
tristate
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 088/452] ASoC: rt1015p: remove dependency on GPIOLIB
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (86 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 087/452] ASoC: max98357a: remove dependency on GPIOLIB Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 089/452] can: mcp251xfd: silence clangs -Wunaligned-access warning Greg Kroah-Hartman
` (369 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot,
Pierre-Louis Bossart, Péter Ujfalusi, Mark Brown,
Sasha Levin
From: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
[ Upstream commit b390c25c6757b9d56cecdfbf6d55f15fc89a6386 ]
commit dcc2c012c7691 ("ASoC: Fix gpiolib dependencies") removed a
series of unnecessary dependencies on GPIOLIB when the gpio was
optional.
A similar simplification seems valid for rt1015p, so remove the
dependency as well. This will avoid the following warning
WARNING: unmet direct dependencies detected for SND_SOC_RT1015P
Depends on [n]: SOUND [=y] && !UML && SND [=y] && SND_SOC [=y] &&
GPIOLIB [=n]
Selected by [y]:
- SND_SOC_INTEL_SOF_RT5682_MACH [=y] && SOUND [=y] && !UML && SND
[=y] && SND_SOC [=y] && SND_SOC_INTEL_MACH [=y] &&
(SND_SOC_SOF_HDA_LINK [=y] || SND_SOC_SOF_BAYTRAIL [=n]) && I2C
[=y] && ACPI [=y] && (SND_HDA_CODEC_HDMI [=y] &&
SND_SOC_SOF_HDA_AUDIO_CODEC [=y] && (MFD_INTEL_LPSS [=y] ||
COMPILE_TEST [=y]) || SND_SOC_SOF_BAYTRAIL [=n] &&
(X86_INTEL_LPSS [=n] || COMPILE_TEST [=y]))
Reported-by: kernel test robot <yujie.liu@intel.com>
Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Reviewed-by: Péter Ujfalusi <peter.ujfalusi@linux.intel.com>
Link: https://lore.kernel.org/r/20220517172647.468244-3-pierre-louis.bossart@linux.intel.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/Kconfig | 1 -
1 file changed, 1 deletion(-)
diff --git a/sound/soc/codecs/Kconfig b/sound/soc/codecs/Kconfig
index 612fd7516666..25f331551f68 100644
--- a/sound/soc/codecs/Kconfig
+++ b/sound/soc/codecs/Kconfig
@@ -1098,7 +1098,6 @@ config SND_SOC_RT1015
config SND_SOC_RT1015P
tristate
- depends on GPIOLIB
config SND_SOC_RT1305
tristate
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 089/452] can: mcp251xfd: silence clangs -Wunaligned-access warning
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (87 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 088/452] ASoC: rt1015p: " Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 090/452] x86/microcode: Add explicit CPU vendor dependency Greg Kroah-Hartman
` (368 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vincent Mailhol, kernel test robot,
Marc Kleine-Budde, Sasha Levin, Nathan Chancellor
From: Vincent Mailhol <mailhol.vincent@wanadoo.fr>
[ Upstream commit 1a6dd9996699889313327be03981716a8337656b ]
clang emits a -Wunaligned-access warning on union
mcp251xfd_tx_ojb_load_buf.
The reason is that field hw_tx_obj (not declared as packed) is being
packed right after a 16 bits field inside a packed struct:
| union mcp251xfd_tx_obj_load_buf {
| struct __packed {
| struct mcp251xfd_buf_cmd cmd;
| /* ^ 16 bits fields */
| struct mcp251xfd_hw_tx_obj_raw hw_tx_obj;
| /* ^ not declared as packed */
| } nocrc;
| struct __packed {
| struct mcp251xfd_buf_cmd_crc cmd;
| struct mcp251xfd_hw_tx_obj_raw hw_tx_obj;
| __be16 crc;
| } crc;
| } ____cacheline_aligned;
Starting from LLVM 14, having an unpacked struct nested in a packed
struct triggers a warning. c.f. [1].
This is a false positive because the field is always being accessed
with the relevant put_unaligned_*() function. Adding __packed to the
structure declaration silences the warning.
[1] https://github.com/llvm/llvm-project/issues/55520
Link: https://lore.kernel.org/all/20220518114357.55452-1-mailhol.vincent@wanadoo.fr
Signed-off-by: Vincent Mailhol <mailhol.vincent@wanadoo.fr>
Reported-by: kernel test robot <lkp@intel.com>
Tested-by: Nathan Chancellor <nathan@kernel.org> # build
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/can/spi/mcp251xfd/mcp251xfd.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/can/spi/mcp251xfd/mcp251xfd.h b/drivers/net/can/spi/mcp251xfd/mcp251xfd.h
index fa1246e39980..766dbd19bba6 100644
--- a/drivers/net/can/spi/mcp251xfd/mcp251xfd.h
+++ b/drivers/net/can/spi/mcp251xfd/mcp251xfd.h
@@ -426,7 +426,7 @@ struct mcp251xfd_hw_tef_obj {
/* The tx_obj_raw version is used in spi async, i.e. without
* regmap. We have to take care of endianness ourselves.
*/
-struct mcp251xfd_hw_tx_obj_raw {
+struct __packed mcp251xfd_hw_tx_obj_raw {
__le32 id;
__le32 flags;
u8 data[sizeof_field(struct canfd_frame, data)];
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 090/452] x86/microcode: Add explicit CPU vendor dependency
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (88 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 089/452] can: mcp251xfd: silence clangs -Wunaligned-access warning Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 091/452] m68k: atari: Make Atari ROM port I/O write macros return void Greg Kroah-Hartman
` (367 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Randy Dunlap, Borislav Petkov, Sasha Levin
From: Borislav Petkov <bp@suse.de>
[ Upstream commit 9c55d99e099bd7aa6b91fce8718505c35d5dfc65 ]
Add an explicit dependency to the respective CPU vendor so that the
respective microcode support for it gets built only when that support is
enabled.
Reported-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lore.kernel.org/r/8ead0da9-9545-b10d-e3db-7df1a1f219e4@infradead.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/Kconfig | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index db95ac482e0e..ed713840d469 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1321,7 +1321,7 @@ config MICROCODE
config MICROCODE_INTEL
bool "Intel microcode loading support"
- depends on MICROCODE
+ depends on CPU_SUP_INTEL && MICROCODE
default MICROCODE
help
This options enables microcode patch loading support for Intel
@@ -1333,7 +1333,7 @@ config MICROCODE_INTEL
config MICROCODE_AMD
bool "AMD microcode loading support"
- depends on MICROCODE
+ depends on CPU_SUP_AMD && MICROCODE
help
If you select this option, microcode patch loading support for AMD
processors will be enabled.
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 091/452] m68k: atari: Make Atari ROM port I/O write macros return void
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (89 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 090/452] x86/microcode: Add explicit CPU vendor dependency Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 092/452] rxrpc: Return an error to sendmsg if call failed Greg Kroah-Hartman
` (366 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Guenter Roeck,
Geert Uytterhoeven, Michael Schmitz, Sasha Levin
From: Geert Uytterhoeven <geert@linux-m68k.org>
[ Upstream commit 30b5e6ef4a32ea4985b99200e06d6660a69f9246 ]
The macros implementing Atari ROM port I/O writes do not cast away their
output, unlike similar implementations for other I/O buses.
When they are combined using conditional expressions in the definitions of
outb() and friends, this triggers sparse warnings like:
drivers/net/appletalk/cops.c:382:17: error: incompatible types in conditional expression (different base types):
drivers/net/appletalk/cops.c:382:17: unsigned char
drivers/net/appletalk/cops.c:382:17: void
Fix this by adding casts to "void".
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Reviewed-by: Michael Schmitz <schmitzmic@gmail.com>
Link: https://lore.kernel.org/r/c15bedc83d90a14fffcd5b1b6bfb32b8a80282c5.1653057096.git.geert@linux-m68k.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/m68k/include/asm/raw_io.h | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/m68k/include/asm/raw_io.h b/arch/m68k/include/asm/raw_io.h
index 80eb2396d01e..3ba40bc1dfaa 100644
--- a/arch/m68k/include/asm/raw_io.h
+++ b/arch/m68k/include/asm/raw_io.h
@@ -80,14 +80,14 @@
({ u16 __v = le16_to_cpu(*(__force volatile u16 *) (addr)); __v; })
#define rom_out_8(addr, b) \
- ({u8 __maybe_unused __w, __v = (b); u32 _addr = ((u32) (addr)); \
+ (void)({u8 __maybe_unused __w, __v = (b); u32 _addr = ((u32) (addr)); \
__w = ((*(__force volatile u8 *) ((_addr | 0x10000) + (__v<<1)))); })
#define rom_out_be16(addr, w) \
- ({u16 __maybe_unused __w, __v = (w); u32 _addr = ((u32) (addr)); \
+ (void)({u16 __maybe_unused __w, __v = (w); u32 _addr = ((u32) (addr)); \
__w = ((*(__force volatile u16 *) ((_addr & 0xFFFF0000UL) + ((__v & 0xFF)<<1)))); \
__w = ((*(__force volatile u16 *) ((_addr | 0x10000) + ((__v >> 8)<<1)))); })
#define rom_out_le16(addr, w) \
- ({u16 __maybe_unused __w, __v = (w); u32 _addr = ((u32) (addr)); \
+ (void)({u16 __maybe_unused __w, __v = (w); u32 _addr = ((u32) (addr)); \
__w = ((*(__force volatile u16 *) ((_addr & 0xFFFF0000UL) + ((__v >> 8)<<1)))); \
__w = ((*(__force volatile u16 *) ((_addr | 0x10000) + ((__v & 0xFF)<<1)))); })
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 092/452] rxrpc: Return an error to sendmsg if call failed
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (90 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 091/452] m68k: atari: Make Atari ROM port I/O write macros return void Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 093/452] rxrpc, afs: Fix selection of abort codes Greg Kroah-Hartman
` (365 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Marc Dionne, David Howells,
linux-afs, David S. Miller, Sasha Levin
From: David Howells <dhowells@redhat.com>
[ Upstream commit 4ba68c5192554876bd8c3afd904e3064d2915341 ]
If at the end of rxrpc sendmsg() or rxrpc_kernel_send_data() the call that
was being given data was aborted remotely or otherwise failed, return an
error rather than returning the amount of data buffered for transmission.
The call (presumably) did not complete, so there's not much point
continuing with it. AF_RXRPC considers it "complete" and so will be
unwilling to do anything else with it - and won't send a notification for
it, deeming the return from sendmsg sufficient.
Not returning an error causes afs to incorrectly handle a StoreData
operation that gets interrupted by a change of address due to NAT
reconfiguration.
This doesn't normally affect most operations since their request parameters
tend to fit into a single UDP packet and afs_make_call() returns before the
server responds; StoreData is different as it involves transmission of a
lot of data.
This can be triggered on a client by doing something like:
dd if=/dev/zero of=/afs/example.com/foo bs=1M count=512
at one prompt, and then changing the network address at another prompt,
e.g.:
ifconfig enp6s0 inet 192.168.6.2 && route add 192.168.6.1 dev enp6s0
Tracing packets on an Auristor fileserver looks something like:
192.168.6.1 -> 192.168.6.3 RX 107 ACK Idle Seq: 0 Call: 4 Source Port: 7000 Destination Port: 7001
192.168.6.3 -> 192.168.6.1 AFS (RX) 1482 FS Request: Unknown(64538) (64538)
192.168.6.3 -> 192.168.6.1 AFS (RX) 1482 FS Request: Unknown(64538) (64538)
192.168.6.1 -> 192.168.6.3 RX 107 ACK Idle Seq: 0 Call: 4 Source Port: 7000 Destination Port: 7001
<ARP exchange for 192.168.6.2>
192.168.6.2 -> 192.168.6.1 AFS (RX) 1482 FS Request: Unknown(0) (0)
192.168.6.2 -> 192.168.6.1 AFS (RX) 1482 FS Request: Unknown(0) (0)
192.168.6.1 -> 192.168.6.2 RX 107 ACK Exceeds Window Seq: 0 Call: 4 Source Port: 7000 Destination Port: 7001
192.168.6.1 -> 192.168.6.2 RX 74 ABORT Seq: 0 Call: 4 Source Port: 7000 Destination Port: 7001
192.168.6.1 -> 192.168.6.2 RX 74 ABORT Seq: 29321 Call: 4 Source Port: 7000 Destination Port: 7001
The Auristor fileserver logs code -453 (RXGEN_SS_UNMARSHAL), but the abort
code received by kafs is -5 (RX_PROTOCOL_ERROR) as the rx layer sees the
condition and generates an abort first and the unmarshal error is a
consequence of that at the application layer.
Reported-by: Marc Dionne <marc.dionne@auristor.com>
Signed-off-by: David Howells <dhowells@redhat.com>
cc: linux-afs@lists.infradead.org
Link: http://lists.infradead.org/pipermail/linux-afs/2021-December/004810.html # v1
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/rxrpc/sendmsg.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/net/rxrpc/sendmsg.c b/net/rxrpc/sendmsg.c
index d27140c836cc..aa23ba4e2566 100644
--- a/net/rxrpc/sendmsg.c
+++ b/net/rxrpc/sendmsg.c
@@ -461,6 +461,12 @@ static int rxrpc_send_data(struct rxrpc_sock *rx,
success:
ret = copied;
+ if (READ_ONCE(call->state) == RXRPC_CALL_COMPLETE) {
+ read_lock_bh(&call->state_lock);
+ if (call->error < 0)
+ ret = call->error;
+ read_unlock_bh(&call->state_lock);
+ }
out:
call->tx_pending = skb;
_leave(" = %d", ret);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 093/452] rxrpc, afs: Fix selection of abort codes
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (91 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 092/452] rxrpc: Return an error to sendmsg if call failed Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 094/452] eth: tg3: silence the GCC 12 array-bounds warning Greg Kroah-Hartman
` (364 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jeffrey Altman, David Howells,
Marc Dionne, linux-afs, David S. Miller, Sasha Levin
From: David Howells <dhowells@redhat.com>
[ Upstream commit de696c4784f0706884458893c5a6c39b3a3ff65c ]
The RX_USER_ABORT code should really only be used to indicate that the user
of the rxrpc service (ie. userspace) implicitly caused a call to be aborted
- for instance if the AF_RXRPC socket is closed whilst the call was in
progress. (The user may also explicitly abort a call and specify the abort
code to use).
Change some of the points of generation to use other abort codes instead:
(1) Abort the call with RXGEN_SS_UNMARSHAL or RXGEN_CC_UNMARSHAL if we see
ENOMEM and EFAULT during received data delivery and abort with
RX_CALL_DEAD in the default case.
(2) Abort with RXGEN_SS_MARSHAL if we get ENOMEM whilst trying to send a
reply.
(3) Abort with RX_CALL_DEAD if we stop hearing from the peer if we had
heard from the peer and abort with RX_CALL_TIMEOUT if we hadn't.
(4) Abort with RX_CALL_DEAD if we try to disconnect a call that's not
completed successfully or been aborted.
Reported-by: Jeffrey Altman <jaltman@auristor.com>
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Marc Dionne <marc.dionne@auristor.com>
cc: linux-afs@lists.infradead.org
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/afs/rxrpc.c | 8 +++++---
net/rxrpc/call_event.c | 4 ++--
net/rxrpc/conn_object.c | 2 +-
3 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/fs/afs/rxrpc.c b/fs/afs/rxrpc.c
index 8be709cb8542..efe0fb3ad8bd 100644
--- a/fs/afs/rxrpc.c
+++ b/fs/afs/rxrpc.c
@@ -572,6 +572,8 @@ static void afs_deliver_to_call(struct afs_call *call)
case -ENODATA:
case -EBADMSG:
case -EMSGSIZE:
+ case -ENOMEM:
+ case -EFAULT:
abort_code = RXGEN_CC_UNMARSHAL;
if (state != AFS_CALL_CL_AWAIT_REPLY)
abort_code = RXGEN_SS_UNMARSHAL;
@@ -579,7 +581,7 @@ static void afs_deliver_to_call(struct afs_call *call)
abort_code, ret, "KUM");
goto local_abort;
default:
- abort_code = RX_USER_ABORT;
+ abort_code = RX_CALL_DEAD;
rxrpc_kernel_abort_call(call->net->socket, call->rxcall,
abort_code, ret, "KER");
goto local_abort;
@@ -871,7 +873,7 @@ void afs_send_empty_reply(struct afs_call *call)
case -ENOMEM:
_debug("oom");
rxrpc_kernel_abort_call(net->socket, call->rxcall,
- RX_USER_ABORT, -ENOMEM, "KOO");
+ RXGEN_SS_MARSHAL, -ENOMEM, "KOO");
fallthrough;
default:
_leave(" [error]");
@@ -913,7 +915,7 @@ void afs_send_simple_reply(struct afs_call *call, const void *buf, size_t len)
if (n == -ENOMEM) {
_debug("oom");
rxrpc_kernel_abort_call(net->socket, call->rxcall,
- RX_USER_ABORT, -ENOMEM, "KOO");
+ RXGEN_SS_MARSHAL, -ENOMEM, "KOO");
}
_leave(" [error]");
}
diff --git a/net/rxrpc/call_event.c b/net/rxrpc/call_event.c
index 22e05de5d1ca..e426f6831aab 100644
--- a/net/rxrpc/call_event.c
+++ b/net/rxrpc/call_event.c
@@ -377,9 +377,9 @@ void rxrpc_process_call(struct work_struct *work)
if (test_bit(RXRPC_CALL_RX_HEARD, &call->flags) &&
(int)call->conn->hi_serial - (int)call->rx_serial > 0) {
trace_rxrpc_call_reset(call);
- rxrpc_abort_call("EXP", call, 0, RX_USER_ABORT, -ECONNRESET);
+ rxrpc_abort_call("EXP", call, 0, RX_CALL_DEAD, -ECONNRESET);
} else {
- rxrpc_abort_call("EXP", call, 0, RX_USER_ABORT, -ETIME);
+ rxrpc_abort_call("EXP", call, 0, RX_CALL_TIMEOUT, -ETIME);
}
set_bit(RXRPC_CALL_EV_ABORT, &call->events);
goto recheck_state;
diff --git a/net/rxrpc/conn_object.c b/net/rxrpc/conn_object.c
index 3bcbe0665f91..3ef05a0e90ad 100644
--- a/net/rxrpc/conn_object.c
+++ b/net/rxrpc/conn_object.c
@@ -184,7 +184,7 @@ void __rxrpc_disconnect_call(struct rxrpc_connection *conn,
chan->last_type = RXRPC_PACKET_TYPE_ABORT;
break;
default:
- chan->last_abort = RX_USER_ABORT;
+ chan->last_abort = RX_CALL_DEAD;
chan->last_type = RXRPC_PACKET_TYPE_ABORT;
break;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 094/452] eth: tg3: silence the GCC 12 array-bounds warning
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (92 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 093/452] rxrpc, afs: Fix selection of abort codes Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 095/452] selftests/bpf: fix btf_dump/btf_dump due to recent clang change Greg Kroah-Hartman
` (363 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jakub Kicinski, David S. Miller, Sasha Levin
From: Jakub Kicinski <kuba@kernel.org>
[ Upstream commit 9dec850fd7c210a04b4707df8e6c95bfafdd6a4b ]
GCC 12 currently generates a rather inconsistent warning:
drivers/net/ethernet/broadcom/tg3.c:17795:51: warning: array subscript 5 is above array bounds of ‘struct tg3_napi[5]’ [-Warray-bounds]
17795 | struct tg3_napi *tnapi = &tp->napi[i];
| ~~~~~~~~^~~
i is guaranteed < tp->irq_max which in turn is either 1 or 5.
There are more loops like this one in the driver, but strangely
GCC 12 dislikes only this single one.
Silence this silliness for now.
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/broadcom/Makefile | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/net/ethernet/broadcom/Makefile b/drivers/net/ethernet/broadcom/Makefile
index 7046ad6d3d0e..ac50da49ca77 100644
--- a/drivers/net/ethernet/broadcom/Makefile
+++ b/drivers/net/ethernet/broadcom/Makefile
@@ -16,3 +16,8 @@ obj-$(CONFIG_BGMAC_BCMA) += bgmac-bcma.o bgmac-bcma-mdio.o
obj-$(CONFIG_BGMAC_PLATFORM) += bgmac-platform.o
obj-$(CONFIG_SYSTEMPORT) += bcmsysport.o
obj-$(CONFIG_BNXT) += bnxt/
+
+# FIXME: temporarily silence -Warray-bounds on non W=1+ builds
+ifndef KBUILD_EXTRA_WARN
+CFLAGS_tg3.o += -Wno-array-bounds
+endif
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 095/452] selftests/bpf: fix btf_dump/btf_dump due to recent clang change
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (93 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 094/452] eth: tg3: silence the GCC 12 array-bounds warning Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 096/452] gfs2: use i_lock spin_lock for inode qadata Greg Kroah-Hartman
` (362 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mykola Lysenko, Yonghong Song,
Alexei Starovoitov, Sasha Levin
From: Yonghong Song <yhs@fb.com>
[ Upstream commit 4050764cbaa25760aab40857f723393c07898474 ]
Latest llvm-project upstream had a change of behavior
related to qualifiers on function return type ([1]).
This caused selftests btf_dump/btf_dump failure.
The following example shows what changed.
$ cat t.c
typedef const char * const (* const (* const fn_ptr_arr2_t[5])())(char * (*)(int));
struct t {
int a;
fn_ptr_arr2_t l;
};
int foo(struct t *arg) {
return arg->a;
}
Compiled with latest upstream llvm15,
$ clang -O2 -g -target bpf -S -emit-llvm t.c
The related generated debuginfo IR looks like:
!16 = !DIDerivedType(tag: DW_TAG_typedef, name: "fn_ptr_arr2_t", file: !1, line: 1, baseType: !17)
!17 = !DICompositeType(tag: DW_TAG_array_type, baseType: !18, size: 320, elements: !32)
!18 = !DIDerivedType(tag: DW_TAG_const_type, baseType: !19)
!19 = !DIDerivedType(tag: DW_TAG_pointer_type, baseType: !20, size: 64)
!20 = !DISubroutineType(types: !21)
!21 = !{!22, null}
!22 = !DIDerivedType(tag: DW_TAG_pointer_type, baseType: !23, size: 64)
!23 = !DISubroutineType(types: !24)
!24 = !{!25, !28}
!25 = !DIDerivedType(tag: DW_TAG_pointer_type, baseType: !26, size: 64)
!26 = !DIDerivedType(tag: DW_TAG_const_type, baseType: !27)
!27 = !DIBasicType(name: "char", size: 8, encoding: DW_ATE_signed_char)
You can see two intermediate const qualifier to pointer are dropped in debuginfo IR.
With llvm14, we have following debuginfo IR:
!16 = !DIDerivedType(tag: DW_TAG_typedef, name: "fn_ptr_arr2_t", file: !1, line: 1, baseType: !17)
!17 = !DICompositeType(tag: DW_TAG_array_type, baseType: !18, size: 320, elements: !34)
!18 = !DIDerivedType(tag: DW_TAG_const_type, baseType: !19)
!19 = !DIDerivedType(tag: DW_TAG_pointer_type, baseType: !20, size: 64)
!20 = !DISubroutineType(types: !21)
!21 = !{!22, null}
!22 = !DIDerivedType(tag: DW_TAG_const_type, baseType: !23)
!23 = !DIDerivedType(tag: DW_TAG_pointer_type, baseType: !24, size: 64)
!24 = !DISubroutineType(types: !25)
!25 = !{!26, !30}
!26 = !DIDerivedType(tag: DW_TAG_const_type, baseType: !27)
!27 = !DIDerivedType(tag: DW_TAG_pointer_type, baseType: !28, size: 64)
!28 = !DIDerivedType(tag: DW_TAG_const_type, baseType: !29)
!29 = !DIBasicType(name: "char", size: 8, encoding: DW_ATE_signed_char)
All const qualifiers are preserved.
To adapt the selftest to both old and new llvm, this patch removed
the intermediate const qualifier in const-to-ptr types, to make the
test succeed again.
[1] https://reviews.llvm.org/D125919
Reported-by: Mykola Lysenko <mykolal@fb.com>
Signed-off-by: Yonghong Song <yhs@fb.com>
Link: https://lore.kernel.org/r/20220523152044.3905809-1-yhs@fb.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/bpf/progs/btf_dump_test_case_syntax.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/selftests/bpf/progs/btf_dump_test_case_syntax.c b/tools/testing/selftests/bpf/progs/btf_dump_test_case_syntax.c
index 31975c96e2c9..fe43556e1a61 100644
--- a/tools/testing/selftests/bpf/progs/btf_dump_test_case_syntax.c
+++ b/tools/testing/selftests/bpf/progs/btf_dump_test_case_syntax.c
@@ -94,7 +94,7 @@ typedef void (* (*signal_t)(int, void (*)(int)))(int);
typedef char * (*fn_ptr_arr1_t[10])(int **);
-typedef char * (* const (* const fn_ptr_arr2_t[5])())(char * (*)(int));
+typedef char * (* (* const fn_ptr_arr2_t[5])())(char * (*)(int));
struct struct_w_typedefs {
int_t a;
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 096/452] gfs2: use i_lock spin_lock for inode qadata
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (94 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 095/452] selftests/bpf: fix btf_dump/btf_dump due to recent clang change Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 097/452] IB/rdmavt: add missing locks in rvt_ruc_loopback Greg Kroah-Hartman
` (361 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bob Peterson, Andreas Gruenbacher,
Sasha Levin
From: Bob Peterson <rpeterso@redhat.com>
[ Upstream commit 5fcff61eea9efd1f4b60e89d2d686b5feaea100f ]
Before this patch, functions gfs2_qa_get and _put used the i_rw_mutex to
prevent simultaneous access to its i_qadata. But i_rw_mutex is now used
for many other things, including iomap_begin and end, which causes a
conflict according to lockdep. We cannot just remove the lock since
simultaneous opens (gfs2_open -> gfs2_open_common -> gfs2_qa_get) can
then stomp on each others values for i_qadata.
This patch solves the conflict by using the i_lock spin_lock in the inode
to prevent simultaneous access.
Signed-off-by: Bob Peterson <rpeterso@redhat.com>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/gfs2/quota.c | 32 ++++++++++++++++++++------------
1 file changed, 20 insertions(+), 12 deletions(-)
diff --git a/fs/gfs2/quota.c b/fs/gfs2/quota.c
index 6e173ae378c4..ad953ecb5853 100644
--- a/fs/gfs2/quota.c
+++ b/fs/gfs2/quota.c
@@ -531,34 +531,42 @@ static void qdsb_put(struct gfs2_quota_data *qd)
*/
int gfs2_qa_get(struct gfs2_inode *ip)
{
- int error = 0;
struct gfs2_sbd *sdp = GFS2_SB(&ip->i_inode);
+ struct inode *inode = &ip->i_inode;
if (sdp->sd_args.ar_quota == GFS2_QUOTA_OFF)
return 0;
- down_write(&ip->i_rw_mutex);
+ spin_lock(&inode->i_lock);
if (ip->i_qadata == NULL) {
- ip->i_qadata = kmem_cache_zalloc(gfs2_qadata_cachep, GFP_NOFS);
- if (!ip->i_qadata) {
- error = -ENOMEM;
- goto out;
- }
+ struct gfs2_qadata *tmp;
+
+ spin_unlock(&inode->i_lock);
+ tmp = kmem_cache_zalloc(gfs2_qadata_cachep, GFP_NOFS);
+ if (!tmp)
+ return -ENOMEM;
+
+ spin_lock(&inode->i_lock);
+ if (ip->i_qadata == NULL)
+ ip->i_qadata = tmp;
+ else
+ kmem_cache_free(gfs2_qadata_cachep, tmp);
}
ip->i_qadata->qa_ref++;
-out:
- up_write(&ip->i_rw_mutex);
- return error;
+ spin_unlock(&inode->i_lock);
+ return 0;
}
void gfs2_qa_put(struct gfs2_inode *ip)
{
- down_write(&ip->i_rw_mutex);
+ struct inode *inode = &ip->i_inode;
+
+ spin_lock(&inode->i_lock);
if (ip->i_qadata && --ip->i_qadata->qa_ref == 0) {
kmem_cache_free(gfs2_qadata_cachep, ip->i_qadata);
ip->i_qadata = NULL;
}
- up_write(&ip->i_rw_mutex);
+ spin_unlock(&inode->i_lock);
}
int gfs2_quota_hold(struct gfs2_inode *ip, kuid_t uid, kgid_t gid)
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 097/452] IB/rdmavt: add missing locks in rvt_ruc_loopback
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (95 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 096/452] gfs2: use i_lock spin_lock for inode qadata Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 098/452] ARM: dts: ox820: align interrupt controller node name with dtschema Greg Kroah-Hartman
` (360 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Niels Dossche, Jason Gunthorpe, Sasha Levin
From: Niels Dossche <dossche.niels@gmail.com>
[ Upstream commit 22cbc6c2681a0a4fe76150270426e763d52353a4 ]
The documentation of the function rvt_error_qp says both r_lock and
s_lock need to be held when calling that function.
It also asserts using lockdep that both of those locks are held.
rvt_error_qp is called form rvt_send_cq, which is called from
rvt_qp_complete_swqe, which is called from rvt_send_complete, which is
called from rvt_ruc_loopback in two places. Both of these places do not
hold r_lock. Fix this by acquiring a spin_lock of r_lock in both of
these places.
The r_lock acquiring cannot be added in rvt_qp_complete_swqe because
some of its other callers already have r_lock acquired.
Link: https://lore.kernel.org/r/20220228195144.71946-1-dossche.niels@gmail.com
Signed-off-by: Niels Dossche <dossche.niels@gmail.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/sw/rdmavt/qp.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/infiniband/sw/rdmavt/qp.c b/drivers/infiniband/sw/rdmavt/qp.c
index d8d52a00a1be..585a9c76e518 100644
--- a/drivers/infiniband/sw/rdmavt/qp.c
+++ b/drivers/infiniband/sw/rdmavt/qp.c
@@ -2826,7 +2826,7 @@ void rvt_qp_iter(struct rvt_dev_info *rdi,
EXPORT_SYMBOL(rvt_qp_iter);
/*
- * This should be called with s_lock held.
+ * This should be called with s_lock and r_lock held.
*/
void rvt_send_complete(struct rvt_qp *qp, struct rvt_swqe *wqe,
enum ib_wc_status status)
@@ -3185,7 +3185,9 @@ void rvt_ruc_loopback(struct rvt_qp *sqp)
rvp->n_loop_pkts++;
flush_send:
sqp->s_rnr_retry = sqp->s_rnr_retry_cnt;
+ spin_lock(&sqp->r_lock);
rvt_send_complete(sqp, wqe, send_status);
+ spin_unlock(&sqp->r_lock);
if (local_ops) {
atomic_dec(&sqp->local_ops_pending);
local_ops = 0;
@@ -3239,7 +3241,9 @@ void rvt_ruc_loopback(struct rvt_qp *sqp)
spin_unlock_irqrestore(&qp->r_lock, flags);
serr_no_r_lock:
spin_lock_irqsave(&sqp->s_lock, flags);
+ spin_lock(&sqp->r_lock);
rvt_send_complete(sqp, wqe, send_status);
+ spin_unlock(&sqp->r_lock);
if (sqp->ibqp.qp_type == IB_QPT_RC) {
int lastwqe;
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 098/452] ARM: dts: ox820: align interrupt controller node name with dtschema
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (96 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 097/452] IB/rdmavt: add missing locks in rvt_ruc_loopback Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 099/452] ARM: dts: s5pv210: align DMA channels " Greg Kroah-Hartman
` (359 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Krzysztof Kozlowski, Neil Armstrong,
Sasha Levin
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
[ Upstream commit fbcd5ad7a419ad40644a0bb8b4152bc660172d8a ]
Fixes dtbs_check warnings like:
gic@1000: $nodename:0: 'gic@1000' does not match '^interrupt-controller(@[0-9a-f,]+)*$'
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Acked-by: Neil Armstrong <narmstrong@baylibre.com>
Link: https://lore.kernel.org/r/20220317115705.450427-1-krzysztof.kozlowski@canonical.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/ox820.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/boot/dts/ox820.dtsi b/arch/arm/boot/dts/ox820.dtsi
index 90846a7655b4..dde4364892bf 100644
--- a/arch/arm/boot/dts/ox820.dtsi
+++ b/arch/arm/boot/dts/ox820.dtsi
@@ -287,7 +287,7 @@
clocks = <&armclk>;
};
- gic: gic@1000 {
+ gic: interrupt-controller@1000 {
compatible = "arm,arm11mp-gic";
interrupt-controller;
#interrupt-cells = <3>;
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 099/452] ARM: dts: s5pv210: align DMA channels with dtschema
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (97 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 098/452] ARM: dts: ox820: align interrupt controller node name with dtschema Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 100/452] arm64: dts: qcom: msm8994: Fix BLSP[12]_DMA channels count Greg Kroah-Hartman
` (358 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Krzysztof Kozlowski, Jonathan Bakker,
Krzysztof Kozlowski, Sasha Levin
From: Krzysztof Kozlowski <krzk@kernel.org>
[ Upstream commit 9e916fb9bc3d16066286f19fc9c51d26a6aec6bd ]
dtschema expects DMA channels in specific order (tx, rx and tx-sec).
The order actually should not matter because dma-names is used however
let's make it aligned with dtschema to suppress warnings like:
i2s@eee30000: dma-names: ['rx', 'tx', 'tx-sec'] is not valid under any of the given schemas
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Co-developed-by: Jonathan Bakker <xc-racer2@live.ca>
Signed-off-by: Jonathan Bakker <xc-racer2@live.ca>
Link: https://lore.kernel.org/r/CY4PR04MB056779A9C50DC95987C5272ACB1C9@CY4PR04MB0567.namprd04.prod.outlook.com
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/s5pv210-aries.dtsi | 2 +-
arch/arm/boot/dts/s5pv210.dtsi | 12 ++++++------
2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/arch/arm/boot/dts/s5pv210-aries.dtsi b/arch/arm/boot/dts/s5pv210-aries.dtsi
index 986fa0b1a877..d9b4c51a00d9 100644
--- a/arch/arm/boot/dts/s5pv210-aries.dtsi
+++ b/arch/arm/boot/dts/s5pv210-aries.dtsi
@@ -637,7 +637,7 @@
};
&i2s0 {
- dmas = <&pdma0 9>, <&pdma0 10>, <&pdma0 11>;
+ dmas = <&pdma0 10>, <&pdma0 9>, <&pdma0 11>;
status = "okay";
};
diff --git a/arch/arm/boot/dts/s5pv210.dtsi b/arch/arm/boot/dts/s5pv210.dtsi
index 2871351ab907..eb7e3660ada7 100644
--- a/arch/arm/boot/dts/s5pv210.dtsi
+++ b/arch/arm/boot/dts/s5pv210.dtsi
@@ -240,8 +240,8 @@
reg = <0xeee30000 0x1000>;
interrupt-parent = <&vic2>;
interrupts = <16>;
- dma-names = "rx", "tx", "tx-sec";
- dmas = <&pdma1 9>, <&pdma1 10>, <&pdma1 11>;
+ dma-names = "tx", "rx", "tx-sec";
+ dmas = <&pdma1 10>, <&pdma1 9>, <&pdma1 11>;
clock-names = "iis",
"i2s_opclk0",
"i2s_opclk1";
@@ -260,8 +260,8 @@
reg = <0xe2100000 0x1000>;
interrupt-parent = <&vic2>;
interrupts = <17>;
- dma-names = "rx", "tx";
- dmas = <&pdma1 12>, <&pdma1 13>;
+ dma-names = "tx", "rx";
+ dmas = <&pdma1 13>, <&pdma1 12>;
clock-names = "iis", "i2s_opclk0";
clocks = <&clocks CLK_I2S1>, <&clocks SCLK_AUDIO1>;
pinctrl-names = "default";
@@ -275,8 +275,8 @@
reg = <0xe2a00000 0x1000>;
interrupt-parent = <&vic2>;
interrupts = <18>;
- dma-names = "rx", "tx";
- dmas = <&pdma1 14>, <&pdma1 15>;
+ dma-names = "tx", "rx";
+ dmas = <&pdma1 15>, <&pdma1 14>;
clock-names = "iis", "i2s_opclk0";
clocks = <&clocks CLK_I2S2>, <&clocks SCLK_AUDIO2>;
pinctrl-names = "default";
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 100/452] arm64: dts: qcom: msm8994: Fix BLSP[12]_DMA channels count
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (98 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 099/452] ARM: dts: s5pv210: align DMA channels " Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 101/452] PM / devfreq: rk3399_dmc: Disable edev on remove() Greg Kroah-Hartman
` (357 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Konrad Dybcio, Bjorn Andersson, Sasha Levin
From: Konrad Dybcio <konrad.dybcio@somainline.org>
[ Upstream commit 1ae438d26b620979ed004d559c304d31c42173ae ]
MSM8994 actually features 24 DMA channels for each BLSP,
fix it!
Signed-off-by: Konrad Dybcio <konrad.dybcio@somainline.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/20220319174645.340379-14-konrad.dybcio@somainline.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/msm8994.dtsi | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/boot/dts/qcom/msm8994.dtsi b/arch/arm64/boot/dts/qcom/msm8994.dtsi
index 45f9a44326a6..297408b947ff 100644
--- a/arch/arm64/boot/dts/qcom/msm8994.dtsi
+++ b/arch/arm64/boot/dts/qcom/msm8994.dtsi
@@ -316,7 +316,7 @@
#dma-cells = <1>;
qcom,ee = <0>;
qcom,controlled-remotely;
- num-channels = <18>;
+ num-channels = <24>;
qcom,num-ees = <4>;
};
@@ -412,7 +412,7 @@
#dma-cells = <1>;
qcom,ee = <0>;
qcom,controlled-remotely;
- num-channels = <18>;
+ num-channels = <24>;
qcom,num-ees = <4>;
};
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 101/452] PM / devfreq: rk3399_dmc: Disable edev on remove()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (99 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 100/452] arm64: dts: qcom: msm8994: Fix BLSP[12]_DMA channels count Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 102/452] crypto: ccree - use fine grained DMA mapping dir Greg Kroah-Hartman
` (356 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Brian Norris, Chanwoo Choi, Sasha Levin
From: Brian Norris <briannorris@chromium.org>
[ Upstream commit 2fccf9e6050e0e3b8b4cd275d41daf7f7fa22804 ]
Otherwise we hit an unablanced enable-count when unbinding the DFI
device:
[ 1279.659119] ------------[ cut here ]------------
[ 1279.659179] WARNING: CPU: 2 PID: 5638 at drivers/devfreq/devfreq-event.c:360 devfreq_event_remove_edev+0x84/0x8c
...
[ 1279.659352] Hardware name: Google Kevin (DT)
[ 1279.659363] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO BTYPE=--)
[ 1279.659371] pc : devfreq_event_remove_edev+0x84/0x8c
[ 1279.659380] lr : devm_devfreq_event_release+0x1c/0x28
...
[ 1279.659571] Call trace:
[ 1279.659582] devfreq_event_remove_edev+0x84/0x8c
[ 1279.659590] devm_devfreq_event_release+0x1c/0x28
[ 1279.659602] release_nodes+0x1cc/0x244
[ 1279.659611] devres_release_all+0x44/0x60
[ 1279.659621] device_release_driver_internal+0x11c/0x1ac
[ 1279.659629] device_driver_detach+0x20/0x2c
[ 1279.659641] unbind_store+0x7c/0xb0
[ 1279.659650] drv_attr_store+0x2c/0x40
[ 1279.659663] sysfs_kf_write+0x44/0x58
[ 1279.659672] kernfs_fop_write_iter+0xf4/0x190
[ 1279.659684] vfs_write+0x2b0/0x2e4
[ 1279.659693] ksys_write+0x80/0xec
[ 1279.659701] __arm64_sys_write+0x24/0x30
[ 1279.659714] el0_svc_common+0xf0/0x1d8
[ 1279.659724] do_el0_svc_compat+0x28/0x3c
[ 1279.659738] el0_svc_compat+0x10/0x1c
[ 1279.659746] el0_sync_compat_handler+0xa8/0xcc
[ 1279.659758] el0_sync_compat+0x188/0x1c0
[ 1279.659768] ---[ end trace cec200e5094155b4 ]---
Signed-off-by: Brian Norris <briannorris@chromium.org>
Signed-off-by: Chanwoo Choi <cw00.choi@samsung.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/devfreq/rk3399_dmc.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/devfreq/rk3399_dmc.c b/drivers/devfreq/rk3399_dmc.c
index 2e912166a993..7e52375d9818 100644
--- a/drivers/devfreq/rk3399_dmc.c
+++ b/drivers/devfreq/rk3399_dmc.c
@@ -485,6 +485,8 @@ static int rk3399_dmcfreq_remove(struct platform_device *pdev)
{
struct rk3399_dmcfreq *dmcfreq = dev_get_drvdata(&pdev->dev);
+ devfreq_event_disable_edev(dmcfreq->edev);
+
/*
* Before remove the opp table we need to unregister the opp notifier.
*/
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 102/452] crypto: ccree - use fine grained DMA mapping dir
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (100 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 101/452] PM / devfreq: rk3399_dmc: Disable edev on remove() Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 103/452] soc: ti: ti_sci_pm_domains: Check for null return of devm_kcalloc Greg Kroah-Hartman
` (355 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Gilad Ben-Yossef, Corentin Labbe,
Herbert Xu, Sasha Levin
From: Gilad Ben-Yossef <gilad@benyossef.com>
[ Upstream commit a260436c98171cd825955a84a7f6e62bc8f4f00d ]
Use a fine grained specification of DMA mapping directions
in certain cases, allowing both a more optimized operation
as well as shushing out a harmless, though persky
dma-debug warning.
Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
Reported-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/ccree/cc_buffer_mgr.c | 27 +++++++++++++++------------
1 file changed, 15 insertions(+), 12 deletions(-)
diff --git a/drivers/crypto/ccree/cc_buffer_mgr.c b/drivers/crypto/ccree/cc_buffer_mgr.c
index 11e0278c8631..6140e4927322 100644
--- a/drivers/crypto/ccree/cc_buffer_mgr.c
+++ b/drivers/crypto/ccree/cc_buffer_mgr.c
@@ -356,12 +356,14 @@ void cc_unmap_cipher_request(struct device *dev, void *ctx,
req_ctx->mlli_params.mlli_dma_addr);
}
- dma_unmap_sg(dev, src, req_ctx->in_nents, DMA_BIDIRECTIONAL);
- dev_dbg(dev, "Unmapped req->src=%pK\n", sg_virt(src));
-
if (src != dst) {
- dma_unmap_sg(dev, dst, req_ctx->out_nents, DMA_BIDIRECTIONAL);
+ dma_unmap_sg(dev, src, req_ctx->in_nents, DMA_TO_DEVICE);
+ dma_unmap_sg(dev, dst, req_ctx->out_nents, DMA_FROM_DEVICE);
dev_dbg(dev, "Unmapped req->dst=%pK\n", sg_virt(dst));
+ dev_dbg(dev, "Unmapped req->src=%pK\n", sg_virt(src));
+ } else {
+ dma_unmap_sg(dev, src, req_ctx->in_nents, DMA_BIDIRECTIONAL);
+ dev_dbg(dev, "Unmapped req->src=%pK\n", sg_virt(src));
}
}
@@ -377,6 +379,7 @@ int cc_map_cipher_request(struct cc_drvdata *drvdata, void *ctx,
u32 dummy = 0;
int rc = 0;
u32 mapped_nents = 0;
+ int src_direction = (src != dst ? DMA_TO_DEVICE : DMA_BIDIRECTIONAL);
req_ctx->dma_buf_type = CC_DMA_BUF_DLLI;
mlli_params->curr_pool = NULL;
@@ -399,7 +402,7 @@ int cc_map_cipher_request(struct cc_drvdata *drvdata, void *ctx,
}
/* Map the src SGL */
- rc = cc_map_sg(dev, src, nbytes, DMA_BIDIRECTIONAL, &req_ctx->in_nents,
+ rc = cc_map_sg(dev, src, nbytes, src_direction, &req_ctx->in_nents,
LLI_MAX_NUM_OF_DATA_ENTRIES, &dummy, &mapped_nents);
if (rc)
goto cipher_exit;
@@ -416,7 +419,7 @@ int cc_map_cipher_request(struct cc_drvdata *drvdata, void *ctx,
}
} else {
/* Map the dst sg */
- rc = cc_map_sg(dev, dst, nbytes, DMA_BIDIRECTIONAL,
+ rc = cc_map_sg(dev, dst, nbytes, DMA_FROM_DEVICE,
&req_ctx->out_nents, LLI_MAX_NUM_OF_DATA_ENTRIES,
&dummy, &mapped_nents);
if (rc)
@@ -456,6 +459,7 @@ void cc_unmap_aead_request(struct device *dev, struct aead_request *req)
struct aead_req_ctx *areq_ctx = aead_request_ctx(req);
unsigned int hw_iv_size = areq_ctx->hw_iv_size;
struct cc_drvdata *drvdata = dev_get_drvdata(dev);
+ int src_direction = (req->src != req->dst ? DMA_TO_DEVICE : DMA_BIDIRECTIONAL);
if (areq_ctx->mac_buf_dma_addr) {
dma_unmap_single(dev, areq_ctx->mac_buf_dma_addr,
@@ -514,13 +518,11 @@ void cc_unmap_aead_request(struct device *dev, struct aead_request *req)
sg_virt(req->src), areq_ctx->src.nents, areq_ctx->assoc.nents,
areq_ctx->assoclen, req->cryptlen);
- dma_unmap_sg(dev, req->src, areq_ctx->src.mapped_nents,
- DMA_BIDIRECTIONAL);
+ dma_unmap_sg(dev, req->src, areq_ctx->src.mapped_nents, src_direction);
if (req->src != req->dst) {
dev_dbg(dev, "Unmapping dst sgl: req->dst=%pK\n",
sg_virt(req->dst));
- dma_unmap_sg(dev, req->dst, areq_ctx->dst.mapped_nents,
- DMA_BIDIRECTIONAL);
+ dma_unmap_sg(dev, req->dst, areq_ctx->dst.mapped_nents, DMA_FROM_DEVICE);
}
if (drvdata->coherent &&
areq_ctx->gen_ctx.op_type == DRV_CRYPTO_DIRECTION_DECRYPT &&
@@ -843,7 +845,7 @@ static int cc_aead_chain_data(struct cc_drvdata *drvdata,
else
size_for_map -= authsize;
- rc = cc_map_sg(dev, req->dst, size_for_map, DMA_BIDIRECTIONAL,
+ rc = cc_map_sg(dev, req->dst, size_for_map, DMA_FROM_DEVICE,
&areq_ctx->dst.mapped_nents,
LLI_MAX_NUM_OF_DATA_ENTRIES, &dst_last_bytes,
&dst_mapped_nents);
@@ -1056,7 +1058,8 @@ int cc_map_aead_request(struct cc_drvdata *drvdata, struct aead_request *req)
size_to_map += authsize;
}
- rc = cc_map_sg(dev, req->src, size_to_map, DMA_BIDIRECTIONAL,
+ rc = cc_map_sg(dev, req->src, size_to_map,
+ (req->src != req->dst ? DMA_TO_DEVICE : DMA_BIDIRECTIONAL),
&areq_ctx->src.mapped_nents,
(LLI_MAX_NUM_OF_ASSOC_DATA_ENTRIES +
LLI_MAX_NUM_OF_DATA_ENTRIES),
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 103/452] soc: ti: ti_sci_pm_domains: Check for null return of devm_kcalloc
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (101 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 102/452] crypto: ccree - use fine grained DMA mapping dir Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 104/452] fs: jfs: fix possible NULL pointer dereference in dbFree() Greg Kroah-Hartman
` (354 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, QintaoShen, Nishanth Menon, Sasha Levin
From: QintaoShen <unSimple1993@163.com>
[ Upstream commit ba56291e297d28aa6eb82c5c1964fae2d7594746 ]
The allocation funciton devm_kcalloc may fail and return a null pointer,
which would cause a null-pointer dereference later.
It might be better to check it and directly return -ENOMEM just like the
usage of devm_kcalloc in previous code.
Signed-off-by: QintaoShen <unSimple1993@163.com>
Signed-off-by: Nishanth Menon <nm@ti.com>
Link: https://lore.kernel.org/r/1648107843-29077-1-git-send-email-unSimple1993@163.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/soc/ti/ti_sci_pm_domains.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/soc/ti/ti_sci_pm_domains.c b/drivers/soc/ti/ti_sci_pm_domains.c
index 8afb3f45d263..a33ec7eaf23d 100644
--- a/drivers/soc/ti/ti_sci_pm_domains.c
+++ b/drivers/soc/ti/ti_sci_pm_domains.c
@@ -183,6 +183,8 @@ static int ti_sci_pm_domain_probe(struct platform_device *pdev)
devm_kcalloc(dev, max_id + 1,
sizeof(*pd_provider->data.domains),
GFP_KERNEL);
+ if (!pd_provider->data.domains)
+ return -ENOMEM;
pd_provider->data.num_domains = max_id + 1;
pd_provider->data.xlate = ti_sci_pd_xlate;
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 104/452] fs: jfs: fix possible NULL pointer dereference in dbFree()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (102 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 103/452] soc: ti: ti_sci_pm_domains: Check for null return of devm_kcalloc Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 105/452] ARM: OMAP1: clock: Fix UART rate reporting algorithm Greg Kroah-Hartman
` (353 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, TOTE Robot, Zixuan Fu, Dave Kleikamp,
Sasha Levin
From: Zixuan Fu <r33s3n6@gmail.com>
[ Upstream commit 0d4837fdb796f99369cf7691d33de1b856bcaf1f ]
In our fault-injection testing, the variable "nblocks" in dbFree() can be
zero when kmalloc_array() fails in dtSearch(). In this case, the variable
"mp" in dbFree() would be NULL and then it is dereferenced in
"write_metapage(mp)".
The failure log is listed as follows:
[ 13.824137] BUG: kernel NULL pointer dereference, address: 0000000000000020
...
[ 13.827416] RIP: 0010:dbFree+0x5f7/0x910 [jfs]
[ 13.834341] Call Trace:
[ 13.834540] <TASK>
[ 13.834713] txFreeMap+0x7b4/0xb10 [jfs]
[ 13.835038] txUpdateMap+0x311/0x650 [jfs]
[ 13.835375] jfs_lazycommit+0x5f2/0xc70 [jfs]
[ 13.835726] ? sched_dynamic_update+0x1b0/0x1b0
[ 13.836092] kthread+0x3c2/0x4a0
[ 13.836355] ? txLockFree+0x160/0x160 [jfs]
[ 13.836763] ? kthread_unuse_mm+0x160/0x160
[ 13.837106] ret_from_fork+0x1f/0x30
[ 13.837402] </TASK>
...
This patch adds a NULL check of "mp" before "write_metapage(mp)" is called.
Reported-by: TOTE Robot <oslab@tsinghua.edu.cn>
Signed-off-by: Zixuan Fu <r33s3n6@gmail.com>
Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/jfs/jfs_dmap.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fs/jfs/jfs_dmap.c b/fs/jfs/jfs_dmap.c
index e58ae29a223d..0ce17ea8fa8a 100644
--- a/fs/jfs/jfs_dmap.c
+++ b/fs/jfs/jfs_dmap.c
@@ -385,7 +385,8 @@ int dbFree(struct inode *ip, s64 blkno, s64 nblocks)
}
/* write the last buffer. */
- write_metapage(mp);
+ if (mp)
+ write_metapage(mp);
IREAD_UNLOCK(ipbmap);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 105/452] ARM: OMAP1: clock: Fix UART rate reporting algorithm
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (103 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 104/452] fs: jfs: fix possible NULL pointer dereference in dbFree() Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 106/452] powerpc/fadump: Fix fadump to work with a different endian capture kernel Greg Kroah-Hartman
` (352 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Janusz Krzysztofik, Tony Lindgren,
Arnd Bergmann, Sasha Levin
From: Janusz Krzysztofik <jmkrzyszt@gmail.com>
[ Upstream commit 338d5d476cde853dfd97378d20496baabc2ce3c0 ]
Since its introduction to the mainline kernel, omap1_uart_recalc() helper
makes incorrect use of clk->enable_bit as a ready to use bitmap mask while
it only provides the bit number. Fix it.
Signed-off-by: Janusz Krzysztofik <jmkrzyszt@gmail.com>
Acked-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/mach-omap1/clock.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/mach-omap1/clock.c b/arch/arm/mach-omap1/clock.c
index bd5be82101f3..d89bda12bf3c 100644
--- a/arch/arm/mach-omap1/clock.c
+++ b/arch/arm/mach-omap1/clock.c
@@ -41,7 +41,7 @@ static DEFINE_SPINLOCK(clockfw_lock);
unsigned long omap1_uart_recalc(struct clk *clk)
{
unsigned int val = __raw_readl(clk->enable_reg);
- return val & clk->enable_bit ? 48000000 : 12000000;
+ return val & 1 << clk->enable_bit ? 48000000 : 12000000;
}
unsigned long omap1_sossi_recalc(struct clk *clk)
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 106/452] powerpc/fadump: Fix fadump to work with a different endian capture kernel
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (104 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 105/452] ARM: OMAP1: clock: Fix UART rate reporting algorithm Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 107/452] fat: add ratelimit to fat*_ent_bread() Greg Kroah-Hartman
` (351 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hari Bathini, Michael Ellerman, Sasha Levin
From: Hari Bathini <hbathini@linux.ibm.com>
[ Upstream commit b74196af372f7cb4902179009265fe63ac81824f ]
Dump capture would fail if capture kernel is not of the endianess as the
production kernel, because the in-memory data structure (struct
opal_fadump_mem_struct) shared across production kernel and capture
kernel assumes the same endianess for both the kernels, which doesn't
have to be true always. Fix it by having a well-defined endianess for
struct opal_fadump_mem_struct.
Signed-off-by: Hari Bathini <hbathini@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/161902744901.86147.14719228311655123526.stgit@hbathini
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/platforms/powernv/opal-fadump.c | 94 +++++++++++---------
arch/powerpc/platforms/powernv/opal-fadump.h | 10 +--
2 files changed, 57 insertions(+), 47 deletions(-)
diff --git a/arch/powerpc/platforms/powernv/opal-fadump.c b/arch/powerpc/platforms/powernv/opal-fadump.c
index 9a360ced663b..e23a51a05f99 100644
--- a/arch/powerpc/platforms/powernv/opal-fadump.c
+++ b/arch/powerpc/platforms/powernv/opal-fadump.c
@@ -60,7 +60,7 @@ void __init opal_fadump_dt_scan(struct fw_dump *fadump_conf, u64 node)
addr = be64_to_cpu(addr);
pr_debug("Kernel metadata addr: %llx\n", addr);
opal_fdm_active = (void *)addr;
- if (opal_fdm_active->registered_regions == 0)
+ if (be16_to_cpu(opal_fdm_active->registered_regions) == 0)
return;
ret = opal_mpipl_query_tag(OPAL_MPIPL_TAG_BOOT_MEM, &addr);
@@ -95,17 +95,17 @@ static int opal_fadump_unregister(struct fw_dump *fadump_conf);
static void opal_fadump_update_config(struct fw_dump *fadump_conf,
const struct opal_fadump_mem_struct *fdm)
{
- pr_debug("Boot memory regions count: %d\n", fdm->region_cnt);
+ pr_debug("Boot memory regions count: %d\n", be16_to_cpu(fdm->region_cnt));
/*
* The destination address of the first boot memory region is the
* destination address of boot memory regions.
*/
- fadump_conf->boot_mem_dest_addr = fdm->rgn[0].dest;
+ fadump_conf->boot_mem_dest_addr = be64_to_cpu(fdm->rgn[0].dest);
pr_debug("Destination address of boot memory regions: %#016llx\n",
fadump_conf->boot_mem_dest_addr);
- fadump_conf->fadumphdr_addr = fdm->fadumphdr_addr;
+ fadump_conf->fadumphdr_addr = be64_to_cpu(fdm->fadumphdr_addr);
}
/*
@@ -126,9 +126,9 @@ static void opal_fadump_get_config(struct fw_dump *fadump_conf,
fadump_conf->boot_memory_size = 0;
pr_debug("Boot memory regions:\n");
- for (i = 0; i < fdm->region_cnt; i++) {
- base = fdm->rgn[i].src;
- size = fdm->rgn[i].size;
+ for (i = 0; i < be16_to_cpu(fdm->region_cnt); i++) {
+ base = be64_to_cpu(fdm->rgn[i].src);
+ size = be64_to_cpu(fdm->rgn[i].size);
pr_debug("\t[%03d] base: 0x%lx, size: 0x%lx\n", i, base, size);
fadump_conf->boot_mem_addr[i] = base;
@@ -143,7 +143,7 @@ static void opal_fadump_get_config(struct fw_dump *fadump_conf,
* Start address of reserve dump area (permanent reservation) for
* re-registering FADump after dump capture.
*/
- fadump_conf->reserve_dump_area_start = fdm->rgn[0].dest;
+ fadump_conf->reserve_dump_area_start = be64_to_cpu(fdm->rgn[0].dest);
/*
* Rarely, but it can so happen that system crashes before all
@@ -155,13 +155,14 @@ static void opal_fadump_get_config(struct fw_dump *fadump_conf,
* Hope the memory that could not be preserved only has pages
* that are usually filtered out while saving the vmcore.
*/
- if (fdm->region_cnt > fdm->registered_regions) {
+ if (be16_to_cpu(fdm->region_cnt) > be16_to_cpu(fdm->registered_regions)) {
pr_warn("Not all memory regions were saved!!!\n");
pr_warn(" Unsaved memory regions:\n");
- i = fdm->registered_regions;
- while (i < fdm->region_cnt) {
+ i = be16_to_cpu(fdm->registered_regions);
+ while (i < be16_to_cpu(fdm->region_cnt)) {
pr_warn("\t[%03d] base: 0x%llx, size: 0x%llx\n",
- i, fdm->rgn[i].src, fdm->rgn[i].size);
+ i, be64_to_cpu(fdm->rgn[i].src),
+ be64_to_cpu(fdm->rgn[i].size));
i++;
}
@@ -170,7 +171,7 @@ static void opal_fadump_get_config(struct fw_dump *fadump_conf,
}
fadump_conf->boot_mem_top = (fadump_conf->boot_memory_size + hole_size);
- fadump_conf->boot_mem_regs_cnt = fdm->region_cnt;
+ fadump_conf->boot_mem_regs_cnt = be16_to_cpu(fdm->region_cnt);
opal_fadump_update_config(fadump_conf, fdm);
}
@@ -178,35 +179,38 @@ static void opal_fadump_get_config(struct fw_dump *fadump_conf,
static void opal_fadump_init_metadata(struct opal_fadump_mem_struct *fdm)
{
fdm->version = OPAL_FADUMP_VERSION;
- fdm->region_cnt = 0;
- fdm->registered_regions = 0;
- fdm->fadumphdr_addr = 0;
+ fdm->region_cnt = cpu_to_be16(0);
+ fdm->registered_regions = cpu_to_be16(0);
+ fdm->fadumphdr_addr = cpu_to_be64(0);
}
static u64 opal_fadump_init_mem_struct(struct fw_dump *fadump_conf)
{
u64 addr = fadump_conf->reserve_dump_area_start;
+ u16 reg_cnt;
int i;
opal_fdm = __va(fadump_conf->kernel_metadata);
opal_fadump_init_metadata(opal_fdm);
/* Boot memory regions */
+ reg_cnt = be16_to_cpu(opal_fdm->region_cnt);
for (i = 0; i < fadump_conf->boot_mem_regs_cnt; i++) {
- opal_fdm->rgn[i].src = fadump_conf->boot_mem_addr[i];
- opal_fdm->rgn[i].dest = addr;
- opal_fdm->rgn[i].size = fadump_conf->boot_mem_sz[i];
+ opal_fdm->rgn[i].src = cpu_to_be64(fadump_conf->boot_mem_addr[i]);
+ opal_fdm->rgn[i].dest = cpu_to_be64(addr);
+ opal_fdm->rgn[i].size = cpu_to_be64(fadump_conf->boot_mem_sz[i]);
- opal_fdm->region_cnt++;
+ reg_cnt++;
addr += fadump_conf->boot_mem_sz[i];
}
+ opal_fdm->region_cnt = cpu_to_be16(reg_cnt);
/*
* Kernel metadata is passed to f/w and retrieved in capture kerenl.
* So, use it to save fadump header address instead of calculating it.
*/
- opal_fdm->fadumphdr_addr = (opal_fdm->rgn[0].dest +
- fadump_conf->boot_memory_size);
+ opal_fdm->fadumphdr_addr = cpu_to_be64(be64_to_cpu(opal_fdm->rgn[0].dest) +
+ fadump_conf->boot_memory_size);
opal_fadump_update_config(fadump_conf, opal_fdm);
@@ -269,18 +273,21 @@ static u64 opal_fadump_get_bootmem_min(void)
static int opal_fadump_register(struct fw_dump *fadump_conf)
{
s64 rc = OPAL_PARAMETER;
+ u16 registered_regs;
int i, err = -EIO;
- for (i = 0; i < opal_fdm->region_cnt; i++) {
+ registered_regs = be16_to_cpu(opal_fdm->registered_regions);
+ for (i = 0; i < be16_to_cpu(opal_fdm->region_cnt); i++) {
rc = opal_mpipl_update(OPAL_MPIPL_ADD_RANGE,
- opal_fdm->rgn[i].src,
- opal_fdm->rgn[i].dest,
- opal_fdm->rgn[i].size);
+ be64_to_cpu(opal_fdm->rgn[i].src),
+ be64_to_cpu(opal_fdm->rgn[i].dest),
+ be64_to_cpu(opal_fdm->rgn[i].size));
if (rc != OPAL_SUCCESS)
break;
- opal_fdm->registered_regions++;
+ registered_regs++;
}
+ opal_fdm->registered_regions = cpu_to_be16(registered_regs);
switch (rc) {
case OPAL_SUCCESS:
@@ -291,7 +298,8 @@ static int opal_fadump_register(struct fw_dump *fadump_conf)
case OPAL_RESOURCE:
/* If MAX regions limit in f/w is hit, warn and proceed. */
pr_warn("%d regions could not be registered for MPIPL as MAX limit is reached!\n",
- (opal_fdm->region_cnt - opal_fdm->registered_regions));
+ (be16_to_cpu(opal_fdm->region_cnt) -
+ be16_to_cpu(opal_fdm->registered_regions)));
fadump_conf->dump_registered = 1;
err = 0;
break;
@@ -312,7 +320,7 @@ static int opal_fadump_register(struct fw_dump *fadump_conf)
* If some regions were registered before OPAL_MPIPL_ADD_RANGE
* OPAL call failed, unregister all regions.
*/
- if ((err < 0) && (opal_fdm->registered_regions > 0))
+ if ((err < 0) && (be16_to_cpu(opal_fdm->registered_regions) > 0))
opal_fadump_unregister(fadump_conf);
return err;
@@ -328,7 +336,7 @@ static int opal_fadump_unregister(struct fw_dump *fadump_conf)
return -EIO;
}
- opal_fdm->registered_regions = 0;
+ opal_fdm->registered_regions = cpu_to_be16(0);
fadump_conf->dump_registered = 0;
return 0;
}
@@ -563,19 +571,20 @@ static void opal_fadump_region_show(struct fw_dump *fadump_conf,
else
fdm_ptr = opal_fdm;
- for (i = 0; i < fdm_ptr->region_cnt; i++) {
+ for (i = 0; i < be16_to_cpu(fdm_ptr->region_cnt); i++) {
/*
* Only regions that are registered for MPIPL
* would have dump data.
*/
if ((fadump_conf->dump_active) &&
- (i < fdm_ptr->registered_regions))
- dumped_bytes = fdm_ptr->rgn[i].size;
+ (i < be16_to_cpu(fdm_ptr->registered_regions)))
+ dumped_bytes = be64_to_cpu(fdm_ptr->rgn[i].size);
seq_printf(m, "DUMP: Src: %#016llx, Dest: %#016llx, ",
- fdm_ptr->rgn[i].src, fdm_ptr->rgn[i].dest);
+ be64_to_cpu(fdm_ptr->rgn[i].src),
+ be64_to_cpu(fdm_ptr->rgn[i].dest));
seq_printf(m, "Size: %#llx, Dumped: %#llx bytes\n",
- fdm_ptr->rgn[i].size, dumped_bytes);
+ be64_to_cpu(fdm_ptr->rgn[i].size), dumped_bytes);
}
/* Dump is active. Show reserved area start address. */
@@ -624,6 +633,7 @@ void __init opal_fadump_dt_scan(struct fw_dump *fadump_conf, u64 node)
{
const __be32 *prop;
unsigned long dn;
+ __be64 be_addr;
u64 addr = 0;
int i, len;
s64 ret;
@@ -680,13 +690,13 @@ void __init opal_fadump_dt_scan(struct fw_dump *fadump_conf, u64 node)
if (!prop)
return;
- ret = opal_mpipl_query_tag(OPAL_MPIPL_TAG_KERNEL, &addr);
- if ((ret != OPAL_SUCCESS) || !addr) {
+ ret = opal_mpipl_query_tag(OPAL_MPIPL_TAG_KERNEL, &be_addr);
+ if ((ret != OPAL_SUCCESS) || !be_addr) {
pr_err("Failed to get Kernel metadata (%lld)\n", ret);
return;
}
- addr = be64_to_cpu(addr);
+ addr = be64_to_cpu(be_addr);
pr_debug("Kernel metadata addr: %llx\n", addr);
opal_fdm_active = __va(addr);
@@ -697,14 +707,14 @@ void __init opal_fadump_dt_scan(struct fw_dump *fadump_conf, u64 node)
}
/* Kernel regions not registered with f/w for MPIPL */
- if (opal_fdm_active->registered_regions == 0) {
+ if (be16_to_cpu(opal_fdm_active->registered_regions) == 0) {
opal_fdm_active = NULL;
return;
}
- ret = opal_mpipl_query_tag(OPAL_MPIPL_TAG_CPU, &addr);
- if (addr) {
- addr = be64_to_cpu(addr);
+ ret = opal_mpipl_query_tag(OPAL_MPIPL_TAG_CPU, &be_addr);
+ if (be_addr) {
+ addr = be64_to_cpu(be_addr);
pr_debug("CPU metadata addr: %llx\n", addr);
opal_cpu_metadata = __va(addr);
}
diff --git a/arch/powerpc/platforms/powernv/opal-fadump.h b/arch/powerpc/platforms/powernv/opal-fadump.h
index f1e9ecf548c5..3f715efb0aa6 100644
--- a/arch/powerpc/platforms/powernv/opal-fadump.h
+++ b/arch/powerpc/platforms/powernv/opal-fadump.h
@@ -31,14 +31,14 @@
* OPAL FADump kernel metadata
*
* The address of this structure will be registered with f/w for retrieving
- * and processing during crash dump.
+ * in the capture kernel to process the crash dump.
*/
struct opal_fadump_mem_struct {
u8 version;
u8 reserved[3];
- u16 region_cnt; /* number of regions */
- u16 registered_regions; /* Regions registered for MPIPL */
- u64 fadumphdr_addr;
+ __be16 region_cnt; /* number of regions */
+ __be16 registered_regions; /* Regions registered for MPIPL */
+ __be64 fadumphdr_addr;
struct opal_mpipl_region rgn[FADUMP_MAX_MEM_REGS];
} __packed;
@@ -135,7 +135,7 @@ static inline void opal_fadump_read_regs(char *bufp, unsigned int regs_cnt,
for (i = 0; i < regs_cnt; i++, bufp += reg_entry_size) {
reg_entry = (struct hdat_fadump_reg_entry *)bufp;
val = (cpu_endian ? be64_to_cpu(reg_entry->reg_val) :
- reg_entry->reg_val);
+ (u64)(reg_entry->reg_val));
opal_fadump_set_regval_regnum(regs,
be32_to_cpu(reg_entry->reg_type),
be32_to_cpu(reg_entry->reg_num),
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 107/452] fat: add ratelimit to fat*_ent_bread()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (105 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 106/452] powerpc/fadump: Fix fadump to work with a different endian capture kernel Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 108/452] pinctrl: renesas: rzn1: Fix possible null-ptr-deref in sh_pfc_map_resources() Greg Kroah-Hartman
` (350 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, OGAWA Hirofumi, qianfan,
Andrew Morton, Sasha Levin
From: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
[ Upstream commit 183c3237c928109d2008c0456dff508baf692b20 ]
fat*_ent_bread() can be the cause of too many report on I/O error path.
So use fat_msg_ratelimit() instead.
Link: https://lkml.kernel.org/r/87bkxogfeq.fsf@mail.parknet.co.jp
Signed-off-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
Reported-by: qianfan <qianfanguijin@163.com>
Tested-by: qianfan <qianfanguijin@163.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/fat/fatent.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/fs/fat/fatent.c b/fs/fat/fatent.c
index f7e3304b7802..353735032947 100644
--- a/fs/fat/fatent.c
+++ b/fs/fat/fatent.c
@@ -93,7 +93,8 @@ static int fat12_ent_bread(struct super_block *sb, struct fat_entry *fatent,
err_brelse:
brelse(bhs[0]);
err:
- fat_msg(sb, KERN_ERR, "FAT read failed (blocknr %llu)", (llu)blocknr);
+ fat_msg_ratelimit(sb, KERN_ERR, "FAT read failed (blocknr %llu)",
+ (llu)blocknr);
return -EIO;
}
@@ -106,8 +107,8 @@ static int fat_ent_bread(struct super_block *sb, struct fat_entry *fatent,
fatent->fat_inode = MSDOS_SB(sb)->fat_inode;
fatent->bhs[0] = sb_bread(sb, blocknr);
if (!fatent->bhs[0]) {
- fat_msg(sb, KERN_ERR, "FAT read failed (blocknr %llu)",
- (llu)blocknr);
+ fat_msg_ratelimit(sb, KERN_ERR, "FAT read failed (blocknr %llu)",
+ (llu)blocknr);
return -EIO;
}
fatent->nr_bhs = 1;
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 108/452] pinctrl: renesas: rzn1: Fix possible null-ptr-deref in sh_pfc_map_resources()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (106 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 107/452] fat: add ratelimit to fat*_ent_bread() Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 109/452] ARM: versatile: Add missing of_node_put in dcscb_init Greg Kroah-Hartman
` (349 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yang Yingliang, Geert Uytterhoeven,
Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 2f661477c2bb8068194dbba9738d05219f111c6e ]
It will cause null-ptr-deref when using 'res', if platform_get_resource()
returns NULL, so move using 'res' after devm_ioremap_resource() that
will check it to avoid null-ptr-deref.
And use devm_platform_get_and_ioremap_resource() to simplify code.
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Link: https://lore.kernel.org/r/20220429082637.1308182-2-yangyingliang@huawei.com
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pinctrl/renesas/pinctrl-rzn1.c | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/drivers/pinctrl/renesas/pinctrl-rzn1.c b/drivers/pinctrl/renesas/pinctrl-rzn1.c
index ef5fb25b6016..849d091205d4 100644
--- a/drivers/pinctrl/renesas/pinctrl-rzn1.c
+++ b/drivers/pinctrl/renesas/pinctrl-rzn1.c
@@ -865,17 +865,15 @@ static int rzn1_pinctrl_probe(struct platform_device *pdev)
ipctl->mdio_func[0] = -1;
ipctl->mdio_func[1] = -1;
- res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
- ipctl->lev1_protect_phys = (u32)res->start + 0x400;
- ipctl->lev1 = devm_ioremap_resource(&pdev->dev, res);
+ ipctl->lev1 = devm_platform_get_and_ioremap_resource(pdev, 0, &res);
if (IS_ERR(ipctl->lev1))
return PTR_ERR(ipctl->lev1);
+ ipctl->lev1_protect_phys = (u32)res->start + 0x400;
- res = platform_get_resource(pdev, IORESOURCE_MEM, 1);
- ipctl->lev2_protect_phys = (u32)res->start + 0x400;
- ipctl->lev2 = devm_ioremap_resource(&pdev->dev, res);
+ ipctl->lev2 = devm_platform_get_and_ioremap_resource(pdev, 1, &res);
if (IS_ERR(ipctl->lev2))
return PTR_ERR(ipctl->lev2);
+ ipctl->lev2_protect_phys = (u32)res->start + 0x400;
ipctl->clk = devm_clk_get(&pdev->dev, NULL);
if (IS_ERR(ipctl->clk))
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 109/452] ARM: versatile: Add missing of_node_put in dcscb_init
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (107 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 108/452] pinctrl: renesas: rzn1: Fix possible null-ptr-deref in sh_pfc_map_resources() Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 110/452] ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM Greg Kroah-Hartman
` (348 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Peng Wu, Linus Walleij,
Arnd Bergmann, Sasha Levin
From: Peng Wu <wupeng58@huawei.com>
[ Upstream commit 23b44f9c649bbef10b45fa33080cd8b4166800ae ]
The device_node pointer is returned by of_find_compatible_node
with refcount incremented. We should use of_node_put() to avoid
the refcount leak.
Signed-off-by: Peng Wu <wupeng58@huawei.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Link: https://lore.kernel.org/r/20220428230356.69418-1-linus.walleij@linaro.org'
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/mach-vexpress/dcscb.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/arm/mach-vexpress/dcscb.c b/arch/arm/mach-vexpress/dcscb.c
index a0554d7d04f7..e1adc098f89a 100644
--- a/arch/arm/mach-vexpress/dcscb.c
+++ b/arch/arm/mach-vexpress/dcscb.c
@@ -144,6 +144,7 @@ static int __init dcscb_init(void)
if (!node)
return -ENODEV;
dcscb_base = of_iomap(node, 0);
+ of_node_put(node);
if (!dcscb_base)
return -EADDRNOTAVAIL;
cfg = readl_relaxed(dcscb_base + DCS_CFG_R);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 110/452] ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (108 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 109/452] ARM: versatile: Add missing of_node_put in dcscb_init Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 111/452] ARM: hisi: Add missing of_node_put after of_find_compatible_node Greg Kroah-Hartman
` (347 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Rob Herring, Krzysztof Kozlowski,
Sasha Levin
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
[ Upstream commit f038e8186fbc5723d7d38c6fa1d342945107347e ]
The Samsung s524ad0xd1 EEPROM should use atmel,24c128 fallback,
according to the AT24 EEPROM bindings.
Reported-by: Rob Herring <robh@kernel.org>
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Link: https://lore.kernel.org/r/20220426183443.243113-1-krzysztof.kozlowski@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/exynos5250-smdk5250.dts | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm/boot/dts/exynos5250-smdk5250.dts b/arch/arm/boot/dts/exynos5250-smdk5250.dts
index 572198b6834e..06c4e0996503 100644
--- a/arch/arm/boot/dts/exynos5250-smdk5250.dts
+++ b/arch/arm/boot/dts/exynos5250-smdk5250.dts
@@ -129,7 +129,7 @@
samsung,i2c-max-bus-freq = <20000>;
eeprom@50 {
- compatible = "samsung,s524ad0xd1";
+ compatible = "samsung,s524ad0xd1", "atmel,24c128";
reg = <0x50>;
};
@@ -289,7 +289,7 @@
samsung,i2c-max-bus-freq = <20000>;
eeprom@51 {
- compatible = "samsung,s524ad0xd1";
+ compatible = "samsung,s524ad0xd1", "atmel,24c128";
reg = <0x51>;
};
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 111/452] ARM: hisi: Add missing of_node_put after of_find_compatible_node
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (109 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 110/452] ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 112/452] PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() Greg Kroah-Hartman
` (346 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Peng Wu, Wei Xu, Sasha Levin
From: Peng Wu <wupeng58@huawei.com>
[ Upstream commit 9bc72e47d4630d58a840a66a869c56b29554cfe4 ]
of_find_compatible_node will increment the refcount of the returned
device_node. Calling of_node_put() to avoid the refcount leak
Signed-off-by: Peng Wu <wupeng58@huawei.com>
Signed-off-by: Wei Xu <xuwei5@hisilicon.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/mach-hisi/platsmp.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/arch/arm/mach-hisi/platsmp.c b/arch/arm/mach-hisi/platsmp.c
index da7a09c1dae5..1cd1d9b0aabf 100644
--- a/arch/arm/mach-hisi/platsmp.c
+++ b/arch/arm/mach-hisi/platsmp.c
@@ -67,14 +67,17 @@ static void __init hi3xxx_smp_prepare_cpus(unsigned int max_cpus)
}
ctrl_base = of_iomap(np, 0);
if (!ctrl_base) {
+ of_node_put(np);
pr_err("failed to map address\n");
return;
}
if (of_property_read_u32(np, "smp-offset", &offset) < 0) {
+ of_node_put(np);
pr_err("failed to find smp-offset property\n");
return;
}
ctrl_base += offset;
+ of_node_put(np);
}
}
@@ -160,6 +163,7 @@ static int hip01_boot_secondary(unsigned int cpu, struct task_struct *idle)
if (WARN_ON(!node))
return -1;
ctrl_base = of_iomap(node, 0);
+ of_node_put(node);
/* set the secondary core boot from DDR */
remap_reg_value = readl_relaxed(ctrl_base + REG_SC_CTRL);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 112/452] PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (110 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 111/452] ARM: hisi: Add missing of_node_put after of_find_compatible_node Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 113/452] tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate Greg Kroah-Hartman
` (345 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yicong Yang, Bjorn Helgaas,
Sasha Levin, Jay Zhou
From: Yicong Yang <yangyicong@hisilicon.com>
[ Upstream commit a91ee0e9fca9d7501286cfbced9b30a33e52740a ]
The sysfs sriov_numvfs_store() path acquires the device lock before the
config space access lock:
sriov_numvfs_store
device_lock # A (1) acquire device lock
sriov_configure
vfio_pci_sriov_configure # (for example)
vfio_pci_core_sriov_configure
pci_disable_sriov
sriov_disable
pci_cfg_access_lock
pci_wait_cfg # B (4) wait for dev->block_cfg_access == 0
Previously, pci_dev_lock() acquired the config space access lock before the
device lock:
pci_dev_lock
pci_cfg_access_lock
dev->block_cfg_access = 1 # B (2) set dev->block_cfg_access = 1
device_lock # A (3) wait for device lock
Any path that uses pci_dev_lock(), e.g., pci_reset_function(), may
deadlock with sriov_numvfs_store() if the operations occur in the sequence
(1) (2) (3) (4).
Avoid the deadlock by reversing the order in pci_dev_lock() so it acquires
the device lock before the config space access lock, the same as the
sriov_numvfs_store() path.
[bhelgaas: combined and adapted commit log from Jay Zhou's independent
subsequent posting:
https://lore.kernel.org/r/20220404062539.1710-1-jianjay.zhou@huawei.com]
Link: https://lore.kernel.org/linux-pci/1583489997-17156-1-git-send-email-yangyicong@hisilicon.com/
Also-posted-by: Jay Zhou <jianjay.zhou@huawei.com>
Signed-off-by: Yicong Yang <yangyicong@hisilicon.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/pci.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c
index cda17c615148..6ebbe06f0b08 100644
--- a/drivers/pci/pci.c
+++ b/drivers/pci/pci.c
@@ -4975,18 +4975,18 @@ static int pci_dev_reset_slot_function(struct pci_dev *dev, int probe)
static void pci_dev_lock(struct pci_dev *dev)
{
- pci_cfg_access_lock(dev);
/* block PM suspend, driver probe, etc. */
device_lock(&dev->dev);
+ pci_cfg_access_lock(dev);
}
/* Return 1 on successful lock, 0 on contention */
static int pci_dev_trylock(struct pci_dev *dev)
{
- if (pci_cfg_access_trylock(dev)) {
- if (device_trylock(&dev->dev))
+ if (device_trylock(&dev->dev)) {
+ if (pci_cfg_access_trylock(dev))
return 1;
- pci_cfg_access_unlock(dev);
+ device_unlock(&dev->dev);
}
return 0;
@@ -4994,8 +4994,8 @@ static int pci_dev_trylock(struct pci_dev *dev)
static void pci_dev_unlock(struct pci_dev *dev)
{
- device_unlock(&dev->dev);
pci_cfg_access_unlock(dev);
+ device_unlock(&dev->dev);
}
static void pci_dev_save_and_disable(struct pci_dev *dev)
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 113/452] tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (111 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 112/452] PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 114/452] powerpc/powernv/vas: Assign real address to rx_fifo in vas_rx_win_attr Greg Kroah-Hartman
` (344 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vasily Averin,
Steven Rostedt (Google),
Andrew Morton, Sasha Levin
From: Vasily Averin <vvs@openvz.org>
[ Upstream commit 2b132903de7124dd9a758be0c27562e91a510848 ]
Fixes following sparse warnings:
CHECK mm/vmscan.c
mm/vmscan.c: note: in included file (through
include/trace/trace_events.h, include/trace/define_trace.h,
include/trace/events/vmscan.h):
./include/trace/events/vmscan.h:281:1: sparse: warning:
cast to restricted isolate_mode_t
./include/trace/events/vmscan.h:281:1: sparse: warning:
restricted isolate_mode_t degrades to integer
Link: https://lkml.kernel.org/r/e85d7ff2-fd10-53f8-c24e-ba0458439c1b@openvz.org
Signed-off-by: Vasily Averin <vvs@openvz.org>
Acked-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/trace/events/vmscan.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/trace/events/vmscan.h b/include/trace/events/vmscan.h
index 2070df64958e..b4feeb4b216a 100644
--- a/include/trace/events/vmscan.h
+++ b/include/trace/events/vmscan.h
@@ -283,7 +283,7 @@ TRACE_EVENT(mm_vmscan_lru_isolate,
__field(unsigned long, nr_scanned)
__field(unsigned long, nr_skipped)
__field(unsigned long, nr_taken)
- __field(isolate_mode_t, isolate_mode)
+ __field(unsigned int, isolate_mode)
__field(int, lru)
),
@@ -294,7 +294,7 @@ TRACE_EVENT(mm_vmscan_lru_isolate,
__entry->nr_scanned = nr_scanned;
__entry->nr_skipped = nr_skipped;
__entry->nr_taken = nr_taken;
- __entry->isolate_mode = isolate_mode;
+ __entry->isolate_mode = (__force unsigned int)isolate_mode;
__entry->lru = lru;
),
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 114/452] powerpc/powernv/vas: Assign real address to rx_fifo in vas_rx_win_attr
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (112 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 113/452] tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 115/452] powerpc/xics: fix refcount leak in icp_opal_init() Greg Kroah-Hartman
` (343 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michael Ellerman, Haren Myneni, Sasha Levin
From: Haren Myneni <haren@linux.ibm.com>
[ Upstream commit c127d130f6d59fa81701f6b04023cf7cd1972fb3 ]
In init_winctx_regs(), __pa() is called on winctx->rx_fifo and this
function is called to initialize registers for receive and fault
windows. But the real address is passed in winctx->rx_fifo for
receive windows and the virtual address for fault windows which
causes errors with DEBUG_VIRTUAL enabled. Fixes this issue by
assigning only real address to rx_fifo in vas_rx_win_attr struct
for both receive and fault windows.
Reported-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Haren Myneni <haren@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/338e958c7ab8f3b266fa794a1f80f99b9671829e.camel@linux.ibm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/include/asm/vas.h | 2 +-
arch/powerpc/platforms/powernv/vas-fault.c | 2 +-
arch/powerpc/platforms/powernv/vas-window.c | 4 ++--
arch/powerpc/platforms/powernv/vas.h | 2 +-
drivers/crypto/nx/nx-common-powernv.c | 2 +-
5 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/arch/powerpc/include/asm/vas.h b/arch/powerpc/include/asm/vas.h
index e33f80b0ea81..47062b457049 100644
--- a/arch/powerpc/include/asm/vas.h
+++ b/arch/powerpc/include/asm/vas.h
@@ -52,7 +52,7 @@ enum vas_cop_type {
* Receive window attributes specified by the (in-kernel) owner of window.
*/
struct vas_rx_win_attr {
- void *rx_fifo;
+ u64 rx_fifo;
int rx_fifo_size;
int wcreds_max;
diff --git a/arch/powerpc/platforms/powernv/vas-fault.c b/arch/powerpc/platforms/powernv/vas-fault.c
index 3d21fce254b7..dd9c23c09781 100644
--- a/arch/powerpc/platforms/powernv/vas-fault.c
+++ b/arch/powerpc/platforms/powernv/vas-fault.c
@@ -352,7 +352,7 @@ int vas_setup_fault_window(struct vas_instance *vinst)
vas_init_rx_win_attr(&attr, VAS_COP_TYPE_FAULT);
attr.rx_fifo_size = vinst->fault_fifo_size;
- attr.rx_fifo = vinst->fault_fifo;
+ attr.rx_fifo = __pa(vinst->fault_fifo);
/*
* Max creds is based on number of CRBs can fit in the FIFO.
diff --git a/arch/powerpc/platforms/powernv/vas-window.c b/arch/powerpc/platforms/powernv/vas-window.c
index 7ba0840fc3b5..3a86cdd5ae6c 100644
--- a/arch/powerpc/platforms/powernv/vas-window.c
+++ b/arch/powerpc/platforms/powernv/vas-window.c
@@ -403,7 +403,7 @@ static void init_winctx_regs(struct vas_window *window,
*
* See also: Design note in function header.
*/
- val = __pa(winctx->rx_fifo);
+ val = winctx->rx_fifo;
val = SET_FIELD(VAS_PAGE_MIGRATION_SELECT, val, 0);
write_hvwc_reg(window, VREG(LFIFO_BAR), val);
@@ -737,7 +737,7 @@ static void init_winctx_for_rxwin(struct vas_window *rxwin,
*/
winctx->fifo_disable = true;
winctx->intr_disable = true;
- winctx->rx_fifo = NULL;
+ winctx->rx_fifo = 0;
}
winctx->lnotify_lpid = rxattr->lnotify_lpid;
diff --git a/arch/powerpc/platforms/powernv/vas.h b/arch/powerpc/platforms/powernv/vas.h
index 70f793e8f6cc..1f6e73809205 100644
--- a/arch/powerpc/platforms/powernv/vas.h
+++ b/arch/powerpc/platforms/powernv/vas.h
@@ -383,7 +383,7 @@ struct vas_window {
* is a container for the register fields in the window context.
*/
struct vas_winctx {
- void *rx_fifo;
+ u64 rx_fifo;
int rx_fifo_size;
int wcreds_max;
int rsvd_txbuf_count;
diff --git a/drivers/crypto/nx/nx-common-powernv.c b/drivers/crypto/nx/nx-common-powernv.c
index 13c65deda8e9..8a4f10bb3fcd 100644
--- a/drivers/crypto/nx/nx-common-powernv.c
+++ b/drivers/crypto/nx/nx-common-powernv.c
@@ -827,7 +827,7 @@ static int __init vas_cfg_coproc_info(struct device_node *dn, int chip_id,
goto err_out;
vas_init_rx_win_attr(&rxattr, coproc->ct);
- rxattr.rx_fifo = (void *)rx_fifo;
+ rxattr.rx_fifo = rx_fifo;
rxattr.rx_fifo_size = fifo_size;
rxattr.lnotify_lpid = lpid;
rxattr.lnotify_pid = pid;
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 115/452] powerpc/xics: fix refcount leak in icp_opal_init()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (113 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 114/452] powerpc/powernv/vas: Assign real address to rx_fifo in vas_rx_win_attr Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 116/452] powerpc/powernv: fix missing of_node_put in uv_init() Greg Kroah-Hartman
` (342 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zeal Robot, Lv Ruyi,
Michael Ellerman, Sasha Levin
From: Lv Ruyi <lv.ruyi@zte.com.cn>
[ Upstream commit 5dd9e27ea4a39f7edd4bf81e9e70208e7ac0b7c9 ]
The of_find_compatible_node() function returns a node pointer with
refcount incremented, use of_node_put() on it when done.
Reported-by: Zeal Robot <zealci@zte.com.cn>
Signed-off-by: Lv Ruyi <lv.ruyi@zte.com.cn>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220402013419.2410298-1-lv.ruyi@zte.com.cn
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/sysdev/xics/icp-opal.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/powerpc/sysdev/xics/icp-opal.c b/arch/powerpc/sysdev/xics/icp-opal.c
index 68fd2540b093..7fa520efcefa 100644
--- a/arch/powerpc/sysdev/xics/icp-opal.c
+++ b/arch/powerpc/sysdev/xics/icp-opal.c
@@ -195,6 +195,7 @@ int icp_opal_init(void)
printk("XICS: Using OPAL ICP fallbacks\n");
+ of_node_put(np);
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 116/452] powerpc/powernv: fix missing of_node_put in uv_init()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (114 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 115/452] powerpc/xics: fix refcount leak in icp_opal_init() Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 117/452] macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled Greg Kroah-Hartman
` (341 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zeal Robot, Lv Ruyi,
Michael Ellerman, Sasha Levin
From: Lv Ruyi <lv.ruyi@zte.com.cn>
[ Upstream commit 3ffa9fd471f57f365bc54fc87824c530422f64a5 ]
of_find_compatible_node() returns node pointer with refcount incremented,
use of_node_put() on it when done.
Reported-by: Zeal Robot <zealci@zte.com.cn>
Signed-off-by: Lv Ruyi <lv.ruyi@zte.com.cn>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220407090043.2491854-1-lv.ruyi@zte.com.cn
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/platforms/powernv/ultravisor.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/powerpc/platforms/powernv/ultravisor.c b/arch/powerpc/platforms/powernv/ultravisor.c
index e4a00ad06f9d..67c8c4b2d8b1 100644
--- a/arch/powerpc/platforms/powernv/ultravisor.c
+++ b/arch/powerpc/platforms/powernv/ultravisor.c
@@ -55,6 +55,7 @@ static int __init uv_init(void)
return -ENODEV;
uv_memcons = memcons_init(node, "memcons");
+ of_node_put(node);
if (!uv_memcons)
return -ENOENT;
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 117/452] macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (115 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 116/452] powerpc/powernv: fix missing of_node_put in uv_init() Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 118/452] powerpc/iommu: Add missing of_node_put in iommu_init_early_dart Greg Kroah-Hartman
` (340 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Finn Thain,
Randy Dunlap, Christophe Leroy, Michael Ellerman, Sasha Levin
From: Finn Thain <fthain@linux-m68k.org>
[ Upstream commit 86ce436e30d86327c9f5260f718104ae7b21f506 ]
drivers/macintosh/via-pmu-event.o: In function `via_pmu_event':
via-pmu-event.c:(.text+0x44): undefined reference to `input_event'
via-pmu-event.c:(.text+0x68): undefined reference to `input_event'
via-pmu-event.c:(.text+0x94): undefined reference to `input_event'
via-pmu-event.c:(.text+0xb8): undefined reference to `input_event'
drivers/macintosh/via-pmu-event.o: In function `via_pmu_event_init':
via-pmu-event.c:(.init.text+0x20): undefined reference to `input_allocate_device'
via-pmu-event.c:(.init.text+0xc4): undefined reference to `input_register_device'
via-pmu-event.c:(.init.text+0xd4): undefined reference to `input_free_device'
make[1]: *** [Makefile:1155: vmlinux] Error 1
make: *** [Makefile:350: __build_one_by_one] Error 2
Don't call into the input subsystem unless CONFIG_INPUT is built-in.
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Finn Thain <fthain@linux-m68k.org>
Tested-by: Randy Dunlap <rdunlap@infradead.org>
Reviewed-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Acked-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/5edbe76ce68227f71e09af4614cc4c1bd61c7ec8.1649326292.git.fthain@linux-m68k.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/macintosh/Kconfig | 4 ++++
drivers/macintosh/Makefile | 3 ++-
drivers/macintosh/via-pmu.c | 2 +-
3 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/drivers/macintosh/Kconfig b/drivers/macintosh/Kconfig
index 5cdc361da37c..3942db15a2b8 100644
--- a/drivers/macintosh/Kconfig
+++ b/drivers/macintosh/Kconfig
@@ -67,6 +67,10 @@ config ADB_PMU
this device; you should do so if your machine is one of those
mentioned above.
+config ADB_PMU_EVENT
+ def_bool y
+ depends on ADB_PMU && INPUT=y
+
config ADB_PMU_LED
bool "Support for the Power/iBook front LED"
depends on PPC_PMAC && ADB_PMU
diff --git a/drivers/macintosh/Makefile b/drivers/macintosh/Makefile
index 49819b1b6f20..712edcb3e0b0 100644
--- a/drivers/macintosh/Makefile
+++ b/drivers/macintosh/Makefile
@@ -12,7 +12,8 @@ obj-$(CONFIG_MAC_EMUMOUSEBTN) += mac_hid.o
obj-$(CONFIG_INPUT_ADBHID) += adbhid.o
obj-$(CONFIG_ANSLCD) += ans-lcd.o
-obj-$(CONFIG_ADB_PMU) += via-pmu.o via-pmu-event.o
+obj-$(CONFIG_ADB_PMU) += via-pmu.o
+obj-$(CONFIG_ADB_PMU_EVENT) += via-pmu-event.o
obj-$(CONFIG_ADB_PMU_LED) += via-pmu-led.o
obj-$(CONFIG_PMAC_BACKLIGHT) += via-pmu-backlight.o
obj-$(CONFIG_ADB_CUDA) += via-cuda.o
diff --git a/drivers/macintosh/via-pmu.c b/drivers/macintosh/via-pmu.c
index 73e6ae88fafd..aae6328b2429 100644
--- a/drivers/macintosh/via-pmu.c
+++ b/drivers/macintosh/via-pmu.c
@@ -1460,7 +1460,7 @@ pmu_handle_data(unsigned char *data, int len)
pmu_pass_intr(data, len);
/* len == 6 is probably a bad check. But how do I
* know what PMU versions send what events here? */
- if (len == 6) {
+ if (IS_ENABLED(CONFIG_ADB_PMU_EVENT) && len == 6) {
via_pmu_event(PMU_EVT_POWER, !!(data[1]&8));
via_pmu_event(PMU_EVT_LID, data[1]&1);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 118/452] powerpc/iommu: Add missing of_node_put in iommu_init_early_dart
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (116 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 117/452] macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 119/452] RDMA/hfi1: Prevent panic when SDMA is disabled Greg Kroah-Hartman
` (339 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Peng Wu, Michael Ellerman, Sasha Levin
From: Peng Wu <wupeng58@huawei.com>
[ Upstream commit 57b742a5b8945118022973e6416b71351df512fb ]
The device_node pointer is returned by of_find_compatible_node
with refcount incremented. We should use of_node_put() to avoid
the refcount leak.
Signed-off-by: Peng Wu <wupeng58@huawei.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220425081245.21705-1-wupeng58@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/sysdev/dart_iommu.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/arch/powerpc/sysdev/dart_iommu.c b/arch/powerpc/sysdev/dart_iommu.c
index 6b4a34b36d98..8ff9bcfe4b8d 100644
--- a/arch/powerpc/sysdev/dart_iommu.c
+++ b/arch/powerpc/sysdev/dart_iommu.c
@@ -403,9 +403,10 @@ void __init iommu_init_early_dart(struct pci_controller_ops *controller_ops)
}
/* Initialize the DART HW */
- if (dart_init(dn) != 0)
+ if (dart_init(dn) != 0) {
+ of_node_put(dn);
return;
-
+ }
/*
* U4 supports a DART bypass, we use it for 64-bit capable devices to
* improve performance. However, that only works for devices connected
@@ -418,6 +419,7 @@ void __init iommu_init_early_dart(struct pci_controller_ops *controller_ops)
/* Setup pci_dma ops */
set_pci_dma_ops(&dma_iommu_ops);
+ of_node_put(dn);
}
#ifdef CONFIG_PM
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 119/452] RDMA/hfi1: Prevent panic when SDMA is disabled
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (117 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 118/452] powerpc/iommu: Add missing of_node_put in iommu_init_early_dart Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 120/452] drm: fix EDID struct for old ARM OABI format Greg Kroah-Hartman
` (338 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Douglas Miller, Dennis Dalessandro,
Jason Gunthorpe, Sasha Levin
From: Douglas Miller <doug.miller@cornelisnetworks.com>
[ Upstream commit 629e052d0c98e46dde9f0824f0aa437f678d9b8f ]
If the hfi1 module is loaded with HFI1_CAP_SDMA off, a call to
hfi1_write_iter() will dereference a NULL pointer and panic. A typical
stack frame is:
sdma_select_user_engine [hfi1]
hfi1_user_sdma_process_request [hfi1]
hfi1_write_iter [hfi1]
do_iter_readv_writev
do_iter_write
vfs_writev
do_writev
do_syscall_64
The fix is to test for SDMA in hfi1_write_iter() and fail the I/O with
EINVAL.
Link: https://lore.kernel.org/r/20220520183706.48973.79803.stgit@awfm-01.cornelisnetworks.com
Signed-off-by: Douglas Miller <doug.miller@cornelisnetworks.com>
Signed-off-by: Dennis Dalessandro <dennis.dalessandro@cornelisnetworks.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/hw/hfi1/file_ops.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/infiniband/hw/hfi1/file_ops.c b/drivers/infiniband/hw/hfi1/file_ops.c
index 329ee4f48d95..cfc2110fc38a 100644
--- a/drivers/infiniband/hw/hfi1/file_ops.c
+++ b/drivers/infiniband/hw/hfi1/file_ops.c
@@ -306,6 +306,8 @@ static ssize_t hfi1_write_iter(struct kiocb *kiocb, struct iov_iter *from)
unsigned long dim = from->nr_segs;
int idx;
+ if (!HFI1_CAP_IS_KSET(SDMA))
+ return -EINVAL;
idx = srcu_read_lock(&fd->pq_srcu);
pq = srcu_dereference(fd->pq, &fd->pq_srcu);
if (!cq || !pq) {
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 120/452] drm: fix EDID struct for old ARM OABI format
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (118 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 119/452] RDMA/hfi1: Prevent panic when SDMA is disabled Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 121/452] dt-bindings: display: sitronix, st7735r: Fix backlight in example Greg Kroah-Hartman
` (337 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sudip Mukherjee, Arnd Bergmann,
Maarten Lankhorst, Maxime Ripard, Thomas Zimmermann,
David Airlie, Daniel Vetter, Linus Torvalds, Sasha Levin
From: Linus Torvalds <torvalds@linux-foundation.org>
[ Upstream commit 47f15561b69e226bfc034e94ff6dbec51a4662af ]
When building the kernel for arm with the "-mabi=apcs-gnu" option, gcc
will force alignment of all structures and unions to a word boundary
(see also STRUCTURE_SIZE_BOUNDARY and the "-mstructure-size-boundary=XX"
option if you're a gcc person), even when the members of said structures
do not want or need said alignment.
This completely messes up the structure alignment of 'struct edid' on
those targets, because even though all the embedded structures are
marked with "__attribute__((packed))", the unions that contain them are
not.
This was exposed by commit f1e4c916f97f ("drm/edid: add EDID block count
and size helpers"), but the bug is pre-existing. That commit just made
the structure layout problem cause a build failure due to the addition
of the
BUILD_BUG_ON(sizeof(*edid) != EDID_LENGTH);
sanity check in drivers/gpu/drm/drm_edid.c:edid_block_data().
This legacy union alignment should probably not be used in the first
place, but we can fix the layout by adding the packed attribute to the
union entries even when each member is already packed and it shouldn't
matter in a sane build environment.
You can see this issue with a trivial test program:
union {
struct {
char c[5];
};
struct {
char d;
unsigned e;
} __attribute__((packed));
} a = { "1234" };
where building this with a normal "gcc -S" will result in the expected
5-byte size of said union:
.type a, @object
.size a, 5
but with an ARM compiler and the old ABI:
arm-linux-gnu-gcc -mabi=apcs-gnu -mfloat-abi=soft -S t.c
you get
.type a, %object
.size a, 8
instead, because even though each member of the union is packed, the
union itself still gets aligned.
This was reported by Sudip for the spear3xx_defconfig target.
Link: https://lore.kernel.org/lkml/YpCUzStDnSgQLNFN@debian/
Reported-by: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
Cc: Maxime Ripard <mripard@kernel.org>
Cc: Thomas Zimmermann <tzimmermann@suse.de>
Cc: David Airlie <airlied@linux.ie>
Cc: Daniel Vetter <daniel@ffwll.ch>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/drm/drm_edid.h | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/include/drm/drm_edid.h b/include/drm/drm_edid.h
index e97daf6ffbb1..4526b6a1e583 100644
--- a/include/drm/drm_edid.h
+++ b/include/drm/drm_edid.h
@@ -121,7 +121,7 @@ struct detailed_data_monitor_range {
u8 supported_scalings;
u8 preferred_refresh;
} __attribute__((packed)) cvt;
- } formula;
+ } __attribute__((packed)) formula;
} __attribute__((packed));
struct detailed_data_wpindex {
@@ -154,7 +154,7 @@ struct detailed_non_pixel {
struct detailed_data_wpindex color;
struct std_timing timings[6];
struct cvt_timing cvt[4];
- } data;
+ } __attribute__((packed)) data;
} __attribute__((packed));
#define EDID_DETAIL_EST_TIMINGS 0xf7
@@ -172,7 +172,7 @@ struct detailed_timing {
union {
struct detailed_pixel_timing pixel_data;
struct detailed_non_pixel other_data;
- } data;
+ } __attribute__((packed)) data;
} __attribute__((packed));
#define DRM_EDID_INPUT_SERRATION_VSYNC (1 << 0)
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 121/452] dt-bindings: display: sitronix, st7735r: Fix backlight in example
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (119 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 120/452] drm: fix EDID struct for old ARM OABI format Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 122/452] ath11k: acquire ab->base_lock in unassign when finding the peer by addr Greg Kroah-Hartman
` (336 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Noralf Trønnes, Rob Herring,
Geert Uytterhoeven, David Lechner, Sasha Levin
From: Noralf Trønnes <noralf@tronnes.org>
[ Upstream commit 471e201f543559e2cb19b182b680ebf04d80ee31 ]
The backlight property was lost during conversion to yaml in commit
abdd9e3705c8 ("dt-bindings: display: sitronix,st7735r: Convert to DT schema").
Put it back.
Fixes: abdd9e3705c8 ("dt-bindings: display: sitronix,st7735r: Convert to DT schema")
Signed-off-by: Noralf Trønnes <noralf@tronnes.org>
Acked-by: Rob Herring <robh@kernel.org>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Acked-by: David Lechner <david@lechnology.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20211124150757.17929-2-noralf@tronnes.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
Documentation/devicetree/bindings/display/sitronix,st7735r.yaml | 1 +
1 file changed, 1 insertion(+)
diff --git a/Documentation/devicetree/bindings/display/sitronix,st7735r.yaml b/Documentation/devicetree/bindings/display/sitronix,st7735r.yaml
index 0cebaaefda03..419c3b2ac5a6 100644
--- a/Documentation/devicetree/bindings/display/sitronix,st7735r.yaml
+++ b/Documentation/devicetree/bindings/display/sitronix,st7735r.yaml
@@ -72,6 +72,7 @@ examples:
dc-gpios = <&gpio 43 GPIO_ACTIVE_HIGH>;
reset-gpios = <&gpio 80 GPIO_ACTIVE_HIGH>;
rotation = <270>;
+ backlight = <&backlight>;
};
};
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 122/452] ath11k: acquire ab->base_lock in unassign when finding the peer by addr
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (120 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 121/452] dt-bindings: display: sitronix, st7735r: Fix backlight in example Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 123/452] ath9k: fix ar9003_get_eepmisc Greg Kroah-Hartman
` (335 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Niels Dossche, Kalle Valo, Sasha Levin
From: Niels Dossche <dossche.niels@gmail.com>
[ Upstream commit 2db80f93869d491be57cbc2b36f30d0d3a0e5bde ]
ath11k_peer_find_by_addr states via lockdep that ab->base_lock must be
held when calling that function in order to protect the list. All
callers except ath11k_mac_op_unassign_vif_chanctx have that lock
acquired when calling ath11k_peer_find_by_addr. That lock is also not
transitively held by a path towards ath11k_mac_op_unassign_vif_chanctx.
The solution is to acquire the lock when calling
ath11k_peer_find_by_addr inside ath11k_mac_op_unassign_vif_chanctx.
I am currently working on a static analyser to detect missing locks and
this was a reported case. I manually verified the report by looking at
the code, but I do not have real hardware so this is compile tested
only.
Fixes: 701e48a43e15 ("ath11k: add packet log support for QCA6390")
Signed-off-by: Niels Dossche <dossche.niels@gmail.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20220314215253.92658-1-dossche.niels@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath11k/mac.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/drivers/net/wireless/ath/ath11k/mac.c b/drivers/net/wireless/ath/ath11k/mac.c
index cc9122f42024..b2928a5cf72e 100644
--- a/drivers/net/wireless/ath/ath11k/mac.c
+++ b/drivers/net/wireless/ath/ath11k/mac.c
@@ -5325,6 +5325,7 @@ ath11k_mac_op_unassign_vif_chanctx(struct ieee80211_hw *hw,
struct ath11k *ar = hw->priv;
struct ath11k_base *ab = ar->ab;
struct ath11k_vif *arvif = (void *)vif->drv_priv;
+ struct ath11k_peer *peer;
int ret;
mutex_lock(&ar->conf_mutex);
@@ -5336,9 +5337,13 @@ ath11k_mac_op_unassign_vif_chanctx(struct ieee80211_hw *hw,
WARN_ON(!arvif->is_started);
if (ab->hw_params.vdev_start_delay &&
- arvif->vdev_type == WMI_VDEV_TYPE_MONITOR &&
- ath11k_peer_find_by_addr(ab, ar->mac_addr))
- ath11k_peer_delete(ar, arvif->vdev_id, ar->mac_addr);
+ arvif->vdev_type == WMI_VDEV_TYPE_MONITOR) {
+ spin_lock_bh(&ab->base_lock);
+ peer = ath11k_peer_find_by_addr(ab, ar->mac_addr);
+ spin_unlock_bh(&ab->base_lock);
+ if (peer)
+ ath11k_peer_delete(ar, arvif->vdev_id, ar->mac_addr);
+ }
ret = ath11k_mac_vdev_stop(arvif);
if (ret)
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 123/452] ath9k: fix ar9003_get_eepmisc
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (121 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 122/452] ath11k: acquire ab->base_lock in unassign when finding the peer by addr Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 124/452] drm/edid: fix invalid EDID extension block filtering Greg Kroah-Hartman
` (334 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Wenli Looi,
Toke Høiland-Jørgensen, Kalle Valo, Sasha Levin
From: Wenli Looi <wlooi@ucalgary.ca>
[ Upstream commit 9aaff3864b603408c02c629957ae8d8ff5d5a4f2 ]
The current implementation is reading the wrong eeprom type.
Fixes: d8ec2e2a63e8 ("ath9k: Add an eeprom_ops callback for retrieving the eepmisc value")
Signed-off-by: Wenli Looi <wlooi@ucalgary.ca>
Acked-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20220320233010.123106-5-wlooi@ucalgary.ca
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath9k/ar9003_eeprom.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/ath/ath9k/ar9003_eeprom.c b/drivers/net/wireless/ath/ath9k/ar9003_eeprom.c
index b0a4ca3559fd..abed1effd95c 100644
--- a/drivers/net/wireless/ath/ath9k/ar9003_eeprom.c
+++ b/drivers/net/wireless/ath/ath9k/ar9003_eeprom.c
@@ -5615,7 +5615,7 @@ unsigned int ar9003_get_paprd_scale_factor(struct ath_hw *ah,
static u8 ar9003_get_eepmisc(struct ath_hw *ah)
{
- return ah->eeprom.map4k.baseEepHeader.eepMisc;
+ return ah->eeprom.ar9300_eep.baseEepHeader.opCapFlags.eepMisc;
}
const struct eeprom_ops eep_ar9300_ops = {
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 124/452] drm/edid: fix invalid EDID extension block filtering
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (122 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 123/452] ath9k: fix ar9003_get_eepmisc Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 125/452] drm/bridge: adv7511: clean up CEC adapter when probe fails Greg Kroah-Hartman
` (333 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ville Syrjälä,
Jani Nikula, Sasha Levin
From: Jani Nikula <jani.nikula@intel.com>
[ Upstream commit 3aefc722ff52076407203b6af9713de567993adf ]
The invalid EDID block filtering uses the number of valid EDID
extensions instead of all EDID extensions for looping the extensions in
the copy. This is fine, by coincidence, if all the invalid blocks are at
the end of the EDID. However, it's completely broken if there are
invalid extensions in the middle; the invalid blocks are included and
valid blocks are excluded.
Fix it by modifying the base block after, not before, the copy.
Fixes: 14544d0937bf ("drm/edid: Only print the bad edid when aborting")
Reported-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Reviewed-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20220330170426.349248-1-jani.nikula@intel.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/drm_edid.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/drm_edid.c b/drivers/gpu/drm/drm_edid.c
index 862e173d3431..4334e466b4e0 100644
--- a/drivers/gpu/drm/drm_edid.c
+++ b/drivers/gpu/drm/drm_edid.c
@@ -1995,9 +1995,6 @@ struct edid *drm_do_get_edid(struct drm_connector *connector,
connector_bad_edid(connector, edid, edid[0x7e] + 1);
- edid[EDID_LENGTH-1] += edid[0x7e] - valid_extensions;
- edid[0x7e] = valid_extensions;
-
new = kmalloc_array(valid_extensions + 1, EDID_LENGTH,
GFP_KERNEL);
if (!new)
@@ -2014,6 +2011,9 @@ struct edid *drm_do_get_edid(struct drm_connector *connector,
base += EDID_LENGTH;
}
+ new[EDID_LENGTH - 1] += new[0x7e] - valid_extensions;
+ new[0x7e] = valid_extensions;
+
kfree(edid);
edid = new;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 125/452] drm/bridge: adv7511: clean up CEC adapter when probe fails
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (123 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 124/452] drm/edid: fix invalid EDID extension block filtering Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 126/452] spi: qcom-qspi: Add minItems to interconnect-names Greg Kroah-Hartman
` (332 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lucas Stach, Robert Foss, Sasha Levin
From: Lucas Stach <l.stach@pengutronix.de>
[ Upstream commit 7ed2b0dabf7a22874cb30f8878df239ef638eb53 ]
When the probe routine fails we also need to clean up the
CEC adapter registered in adv7511_cec_init().
Fixes: 3b1b975003e4 ("drm: adv7511/33: add HDMI CEC support")
Signed-off-by: Lucas Stach <l.stach@pengutronix.de>
Reviewed-by: Robert Foss <robert.foss@linaro.org>
Signed-off-by: Robert Foss <robert.foss@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20220321104705.2804423-1-l.stach@pengutronix.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/bridge/adv7511/adv7511_drv.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/drm/bridge/adv7511/adv7511_drv.c b/drivers/gpu/drm/bridge/adv7511/adv7511_drv.c
index c6f059be4b89..aca2f14f04c2 100644
--- a/drivers/gpu/drm/bridge/adv7511/adv7511_drv.c
+++ b/drivers/gpu/drm/bridge/adv7511/adv7511_drv.c
@@ -1306,6 +1306,7 @@ static int adv7511_probe(struct i2c_client *i2c, const struct i2c_device_id *id)
return 0;
err_unregister_cec:
+ cec_unregister_adapter(adv7511->cec_adap);
i2c_unregister_device(adv7511->i2c_cec);
if (adv7511->cec_clk)
clk_disable_unprepare(adv7511->cec_clk);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 126/452] spi: qcom-qspi: Add minItems to interconnect-names
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (124 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 125/452] drm/bridge: adv7511: clean up CEC adapter when probe fails Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 127/452] ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe Greg Kroah-Hartman
` (331 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kuldeep Singh, Krzysztof Kozlowski,
Mark Brown, Sasha Levin
From: Kuldeep Singh <singh.kuldeep87k@gmail.com>
[ Upstream commit e23d86c49a9c78e8dbe3abff20b30812b26ab427 ]
Add minItems constraint to interconnect-names as well. The schema
currently tries to match 2 names and fail for DTs with single entry.
With the change applied, below interconnect-names values are possible:
['qspi-config'], ['qspi-config', 'qspi-memory']
Fixes: 8f9c291558ea ("dt-bindings: spi: Add interconnect binding for QSPI")
Signed-off-by: Kuldeep Singh <singh.kuldeep87k@gmail.com>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Link: https://lore.kernel.org/r/20220328192006.18523-1-singh.kuldeep87k@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
Documentation/devicetree/bindings/spi/qcom,spi-qcom-qspi.yaml | 1 +
1 file changed, 1 insertion(+)
diff --git a/Documentation/devicetree/bindings/spi/qcom,spi-qcom-qspi.yaml b/Documentation/devicetree/bindings/spi/qcom,spi-qcom-qspi.yaml
index ef5698f426b2..392204a08e96 100644
--- a/Documentation/devicetree/bindings/spi/qcom,spi-qcom-qspi.yaml
+++ b/Documentation/devicetree/bindings/spi/qcom,spi-qcom-qspi.yaml
@@ -45,6 +45,7 @@ properties:
maxItems: 2
interconnect-names:
+ minItems: 1
items:
- const: qspi-config
- const: qspi-memory
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 127/452] ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (125 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 126/452] spi: qcom-qspi: Add minItems to interconnect-names Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 128/452] ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe Greg Kroah-Hartman
` (330 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin,
AngeloGioacchino Del Regno, Mark Brown, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 4f4e0454e226de3bf4efd7e7924d1edc571c52d5 ]
Call of_node_put(platform_node) to avoid refcount leak in
the error path.
Fixes: 94319ba10eca ("ASoC: mediatek: Use platform_of_node for machine drivers")
Fixes: 493433785df0 ("ASoC: mediatek: mt8173: fix device_node leak")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Link: https://lore.kernel.org/r/20220404092903.26725-1-linmq006@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/mediatek/mt8173/mt8173-max98090.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/sound/soc/mediatek/mt8173/mt8173-max98090.c b/sound/soc/mediatek/mt8173/mt8173-max98090.c
index 3bdd4931316c..5f39e810e27a 100644
--- a/sound/soc/mediatek/mt8173/mt8173-max98090.c
+++ b/sound/soc/mediatek/mt8173/mt8173-max98090.c
@@ -167,7 +167,8 @@ static int mt8173_max98090_dev_probe(struct platform_device *pdev)
if (!codec_node) {
dev_err(&pdev->dev,
"Property 'audio-codec' missing or invalid\n");
- return -EINVAL;
+ ret = -EINVAL;
+ goto put_platform_node;
}
for_each_card_prelinks(card, i, dai_link) {
if (dai_link->codecs->name)
@@ -182,6 +183,8 @@ static int mt8173_max98090_dev_probe(struct platform_device *pdev)
__func__, ret);
of_node_put(codec_node);
+
+put_platform_node:
of_node_put(platform_node);
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 128/452] ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (126 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 127/452] ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 129/452] x86/delay: Fix the wrong asm constraint in delay_loop() Greg Kroah-Hartman
` (329 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Mark Brown, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 05654431a18fe24e5e46a375d98904134628a102 ]
This node pointer is returned by of_parse_phandle() with
refcount incremented in this function.
Calling of_node_put() to avoid the refcount leak.
Fixes: 8625c1dbd876 ("ASoC: mediatek: Add mt2701-wm8960 machine driver")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Link: https://lore.kernel.org/r/20220404093526.30004-1-linmq006@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/mediatek/mt2701/mt2701-wm8960.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/sound/soc/mediatek/mt2701/mt2701-wm8960.c b/sound/soc/mediatek/mt2701/mt2701-wm8960.c
index 414e422c0eba..70e494fb3da8 100644
--- a/sound/soc/mediatek/mt2701/mt2701-wm8960.c
+++ b/sound/soc/mediatek/mt2701/mt2701-wm8960.c
@@ -129,7 +129,8 @@ static int mt2701_wm8960_machine_probe(struct platform_device *pdev)
if (!codec_node) {
dev_err(&pdev->dev,
"Property 'audio-codec' missing or invalid\n");
- return -EINVAL;
+ ret = -EINVAL;
+ goto put_platform_node;
}
for_each_card_prelinks(card, i, dai_link) {
if (dai_link->codecs->name)
@@ -140,7 +141,7 @@ static int mt2701_wm8960_machine_probe(struct platform_device *pdev)
ret = snd_soc_of_parse_audio_routing(card, "audio-routing");
if (ret) {
dev_err(&pdev->dev, "failed to parse audio-routing: %d\n", ret);
- return ret;
+ goto put_codec_node;
}
ret = devm_snd_soc_register_card(&pdev->dev, card);
@@ -148,6 +149,10 @@ static int mt2701_wm8960_machine_probe(struct platform_device *pdev)
dev_err(&pdev->dev, "%s snd_soc_register_card fail %d\n",
__func__, ret);
+put_codec_node:
+ of_node_put(codec_node);
+put_platform_node:
+ of_node_put(platform_node);
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 129/452] x86/delay: Fix the wrong asm constraint in delay_loop()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (127 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 128/452] ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 130/452] drm/ingenic: Reset pixclock rate when parent clock rate changes Greg Kroah-Hartman
` (328 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ammar Faizi, Borislav Petkov, Sasha Levin
From: Ammar Faizi <ammarfaizi2@gnuweeb.org>
[ Upstream commit b86eb74098a92afd789da02699b4b0dd3f73b889 ]
The asm constraint does not reflect the fact that the asm statement can
modify the value of the local variable loops. Which it does.
Specifying the wrong constraint may lead to undefined behavior, it may
clobber random stuff (e.g. local variable, important temporary value in
regs, etc.). This is especially dangerous when the compiler decides to
inline the function and since it doesn't know that the value gets
modified, it might decide to use it from a register directly without
reloading it.
Change the constraint to "+a" to denote that the first argument is an
input and an output argument.
[ bp: Fix typo, massage commit message. ]
Fixes: e01b70ef3eb3 ("x86: fix bug in arch/i386/lib/delay.c file, delay_loop function")
Signed-off-by: Ammar Faizi <ammarfaizi2@gnuweeb.org>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lore.kernel.org/r/20220329104705.65256-2-ammarfaizi2@gnuweeb.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/lib/delay.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/x86/lib/delay.c b/arch/x86/lib/delay.c
index 65d15df6212d..0e65d00e2339 100644
--- a/arch/x86/lib/delay.c
+++ b/arch/x86/lib/delay.c
@@ -54,8 +54,8 @@ static void delay_loop(u64 __loops)
" jnz 2b \n"
"3: dec %0 \n"
- : /* we don't need output */
- :"a" (loops)
+ : "+a" (loops)
+ :
);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 130/452] drm/ingenic: Reset pixclock rate when parent clock rate changes
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (128 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 129/452] x86/delay: Fix the wrong asm constraint in delay_loop() Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 131/452] drm/mediatek: Fix mtk_cec_mask() Greg Kroah-Hartman
` (327 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Paul Cercueil, Sam Ravnborg, Sasha Levin
From: Paul Cercueil <paul@crapouillou.net>
[ Upstream commit 33700f6f7d9f6b4e1e6df933ef7fd388889c662c ]
Old Ingenic SoCs can overclock very well, up to +50% of their nominal
clock rate, whithout requiring overvolting or anything like that, just
by changing the rate of the main PLL. Unfortunately, all clocks on the
system are derived from that PLL, and when the PLL rate is updated, so
is our pixel clock.
To counter that issue, we make sure that the panel is in VBLANK before
the rate change happens, and we will then re-set the pixel clock rate
afterwards, once the PLL has been changed, to be as close as possible to
the pixel rate requested by the encoder.
v2: Add comment about mutex usage
Signed-off-by: Paul Cercueil <paul@crapouillou.net>
Reviewed-by: Sam Ravnborg <sam@ravnborg.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20200926170501.1109197-2-paul@crapouillou.net
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/ingenic/ingenic-drm-drv.c | 61 ++++++++++++++++++++++-
1 file changed, 60 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/ingenic/ingenic-drm-drv.c b/drivers/gpu/drm/ingenic/ingenic-drm-drv.c
index b6bb5fc7d183..e34718cf5c2e 100644
--- a/drivers/gpu/drm/ingenic/ingenic-drm-drv.c
+++ b/drivers/gpu/drm/ingenic/ingenic-drm-drv.c
@@ -10,6 +10,7 @@
#include <linux/clk.h>
#include <linux/dma-mapping.h>
#include <linux/module.h>
+#include <linux/mutex.h>
#include <linux/of_device.h>
#include <linux/platform_device.h>
#include <linux/regmap.h>
@@ -68,6 +69,21 @@ struct ingenic_drm {
bool panel_is_sharp;
bool no_vblank;
+
+ /*
+ * clk_mutex is used to synchronize the pixel clock rate update with
+ * the VBLANK. When the pixel clock's parent clock needs to be updated,
+ * clock_nb's notifier function will lock the mutex, then wait until the
+ * next VBLANK. At that point, the parent clock's rate can be updated,
+ * and the mutex is then unlocked. If an atomic commit happens in the
+ * meantime, it will lock on the mutex, effectively waiting until the
+ * clock update process finishes. Finally, the pixel clock's rate will
+ * be recomputed when the mutex has been released, in the pending atomic
+ * commit, or a future one.
+ */
+ struct mutex clk_mutex;
+ bool update_clk_rate;
+ struct notifier_block clock_nb;
};
static const u32 ingenic_drm_primary_formats[] = {
@@ -111,6 +127,29 @@ static inline struct ingenic_drm *drm_crtc_get_priv(struct drm_crtc *crtc)
return container_of(crtc, struct ingenic_drm, crtc);
}
+static inline struct ingenic_drm *drm_nb_get_priv(struct notifier_block *nb)
+{
+ return container_of(nb, struct ingenic_drm, clock_nb);
+}
+
+static int ingenic_drm_update_pixclk(struct notifier_block *nb,
+ unsigned long action,
+ void *data)
+{
+ struct ingenic_drm *priv = drm_nb_get_priv(nb);
+
+ switch (action) {
+ case PRE_RATE_CHANGE:
+ mutex_lock(&priv->clk_mutex);
+ priv->update_clk_rate = true;
+ drm_crtc_wait_one_vblank(&priv->crtc);
+ return NOTIFY_OK;
+ default:
+ mutex_unlock(&priv->clk_mutex);
+ return NOTIFY_OK;
+ }
+}
+
static void ingenic_drm_crtc_atomic_enable(struct drm_crtc *crtc,
struct drm_crtc_state *state)
{
@@ -276,8 +315,14 @@ static void ingenic_drm_crtc_atomic_flush(struct drm_crtc *crtc,
if (drm_atomic_crtc_needs_modeset(state)) {
ingenic_drm_crtc_update_timings(priv, &state->mode);
+ priv->update_clk_rate = true;
+ }
+ if (priv->update_clk_rate) {
+ mutex_lock(&priv->clk_mutex);
clk_set_rate(priv->pix_clk, state->adjusted_mode.clock * 1000);
+ priv->update_clk_rate = false;
+ mutex_unlock(&priv->clk_mutex);
}
if (event) {
@@ -936,16 +981,28 @@ static int ingenic_drm_bind(struct device *dev, bool has_components)
if (soc_info->has_osd)
regmap_write(priv->map, JZ_REG_LCD_OSDC, JZ_LCD_OSDC_OSDEN);
+ mutex_init(&priv->clk_mutex);
+ priv->clock_nb.notifier_call = ingenic_drm_update_pixclk;
+
+ parent_clk = clk_get_parent(priv->pix_clk);
+ ret = clk_notifier_register(parent_clk, &priv->clock_nb);
+ if (ret) {
+ dev_err(dev, "Unable to register clock notifier\n");
+ goto err_devclk_disable;
+ }
+
ret = drm_dev_register(drm, 0);
if (ret) {
dev_err(dev, "Failed to register DRM driver\n");
- goto err_devclk_disable;
+ goto err_clk_notifier_unregister;
}
drm_fbdev_generic_setup(drm, 32);
return 0;
+err_clk_notifier_unregister:
+ clk_notifier_unregister(parent_clk, &priv->clock_nb);
err_devclk_disable:
if (priv->lcd_clk)
clk_disable_unprepare(priv->lcd_clk);
@@ -967,7 +1024,9 @@ static int compare_of(struct device *dev, void *data)
static void ingenic_drm_unbind(struct device *dev)
{
struct ingenic_drm *priv = dev_get_drvdata(dev);
+ struct clk *parent_clk = clk_get_parent(priv->pix_clk);
+ clk_notifier_unregister(parent_clk, &priv->clock_nb);
if (priv->lcd_clk)
clk_disable_unprepare(priv->lcd_clk);
clk_disable_unprepare(priv->pix_clk);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 131/452] drm/mediatek: Fix mtk_cec_mask()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (129 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 130/452] drm/ingenic: Reset pixclock rate when parent clock rate changes Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 132/452] drm/vc4: hvs: Reset muxes at probe time Greg Kroah-Hartman
` (326 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miles Chen,
AngeloGioacchino Del Regno, Matthias Brugger, Zhiqiang Lin,
CK Hu, Chun-Kuang Hu, Sasha Levin
From: Miles Chen <miles.chen@mediatek.com>
[ Upstream commit 2c5d69b0a141e1e98febe3111e6f4fd8420493a5 ]
In current implementation, mtk_cec_mask() writes val into target register
and ignores the mask. After talking to our hdmi experts, mtk_cec_mask()
should read a register, clean only mask bits, and update (val | mask) bits
to the register.
Link: https://patchwork.kernel.org/project/linux-mediatek/patch/20220315232301.2434-1-miles.chen@mediatek.com/
Fixes: 8f83f26891e1 ("drm/mediatek: Add HDMI support")
Signed-off-by: Miles Chen <miles.chen@mediatek.com>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Reviewed-by: Matthias Brugger <matthias.bgg@gmail.com>
Cc: Zhiqiang Lin <zhiqiang.lin@mediatek.com>
Cc: CK Hu <ck.hu@mediatek.com>
Cc: Matthias Brugger <matthias.bgg@gmail.com>
Cc: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Chun-Kuang Hu <chunkuang.hu@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/mediatek/mtk_cec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/mediatek/mtk_cec.c b/drivers/gpu/drm/mediatek/mtk_cec.c
index cb29b649fcdb..12bf93769497 100644
--- a/drivers/gpu/drm/mediatek/mtk_cec.c
+++ b/drivers/gpu/drm/mediatek/mtk_cec.c
@@ -84,7 +84,7 @@ static void mtk_cec_mask(struct mtk_cec *cec, unsigned int offset,
u32 tmp = readl(cec->regs + offset) & ~mask;
tmp |= val & mask;
- writel(val, cec->regs + offset);
+ writel(tmp, cec->regs + offset);
}
void mtk_cec_set_hpd_event(struct device *dev,
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 132/452] drm/vc4: hvs: Reset muxes at probe time
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (130 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 131/452] drm/mediatek: Fix mtk_cec_mask() Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 133/452] drm/vc4: txp: Dont set TXP_VSTART_AT_EOF Greg Kroah-Hartman
` (325 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maxime Ripard, Thomas Zimmermann,
Sasha Levin
From: Maxime Ripard <maxime@cerno.tech>
[ Upstream commit 8514e6b1f40319e31ac4aa3fbf606796786366c9 ]
By default, the HVS driver will force the HVS output 3 to be muxed to
the HVS channel 2. However, the Transposer can only be assigned to the
HVS channel 2, so whenever we try to use the writeback connector, we'll
mux its associated output (Output 2) to the channel 2.
This leads to both the output 2 and 3 feeding from the same channel,
which is explicitly discouraged in the documentation.
In order to avoid this, let's reset all the output muxes to their reset
value.
Fixes: 87ebcd42fb7b ("drm/vc4: crtc: Assign output to channel automatically")
Signed-off-by: Maxime Ripard <maxime@cerno.tech>
Acked-by: Thomas Zimmermann <tzimmermann@suse.de>
Link: https://lore.kernel.org/r/20220328153659.2382206-2-maxime@cerno.tech
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/vc4/vc4_hvs.c | 26 +++++++++++++++++++++-----
1 file changed, 21 insertions(+), 5 deletions(-)
diff --git a/drivers/gpu/drm/vc4/vc4_hvs.c b/drivers/gpu/drm/vc4/vc4_hvs.c
index ad691571d759..95fa6fc052a7 100644
--- a/drivers/gpu/drm/vc4/vc4_hvs.c
+++ b/drivers/gpu/drm/vc4/vc4_hvs.c
@@ -564,6 +564,7 @@ static int vc4_hvs_bind(struct device *dev, struct device *master, void *data)
struct vc4_hvs *hvs = NULL;
int ret;
u32 dispctrl;
+ u32 reg;
hvs = devm_kzalloc(&pdev->dev, sizeof(*hvs), GFP_KERNEL);
if (!hvs)
@@ -635,6 +636,26 @@ static int vc4_hvs_bind(struct device *dev, struct device *master, void *data)
vc4->hvs = hvs;
+ reg = HVS_READ(SCALER_DISPECTRL);
+ reg &= ~SCALER_DISPECTRL_DSP2_MUX_MASK;
+ HVS_WRITE(SCALER_DISPECTRL,
+ reg | VC4_SET_FIELD(0, SCALER_DISPECTRL_DSP2_MUX));
+
+ reg = HVS_READ(SCALER_DISPCTRL);
+ reg &= ~SCALER_DISPCTRL_DSP3_MUX_MASK;
+ HVS_WRITE(SCALER_DISPCTRL,
+ reg | VC4_SET_FIELD(3, SCALER_DISPCTRL_DSP3_MUX));
+
+ reg = HVS_READ(SCALER_DISPEOLN);
+ reg &= ~SCALER_DISPEOLN_DSP4_MUX_MASK;
+ HVS_WRITE(SCALER_DISPEOLN,
+ reg | VC4_SET_FIELD(3, SCALER_DISPEOLN_DSP4_MUX));
+
+ reg = HVS_READ(SCALER_DISPDITHER);
+ reg &= ~SCALER_DISPDITHER_DSP5_MUX_MASK;
+ HVS_WRITE(SCALER_DISPDITHER,
+ reg | VC4_SET_FIELD(3, SCALER_DISPDITHER_DSP5_MUX));
+
dispctrl = HVS_READ(SCALER_DISPCTRL);
dispctrl |= SCALER_DISPCTRL_ENABLE;
@@ -642,10 +663,6 @@ static int vc4_hvs_bind(struct device *dev, struct device *master, void *data)
SCALER_DISPCTRL_DISPEIRQ(1) |
SCALER_DISPCTRL_DISPEIRQ(2);
- /* Set DSP3 (PV1) to use HVS channel 2, which would otherwise
- * be unused.
- */
- dispctrl &= ~SCALER_DISPCTRL_DSP3_MUX_MASK;
dispctrl &= ~(SCALER_DISPCTRL_DMAEIRQ |
SCALER_DISPCTRL_SLVWREIRQ |
SCALER_DISPCTRL_SLVRDEIRQ |
@@ -659,7 +676,6 @@ static int vc4_hvs_bind(struct device *dev, struct device *master, void *data)
SCALER_DISPCTRL_DSPEISLUR(1) |
SCALER_DISPCTRL_DSPEISLUR(2) |
SCALER_DISPCTRL_SCLEIRQ);
- dispctrl |= VC4_SET_FIELD(2, SCALER_DISPCTRL_DSP3_MUX);
HVS_WRITE(SCALER_DISPCTRL, dispctrl);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 133/452] drm/vc4: txp: Dont set TXP_VSTART_AT_EOF
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (131 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 132/452] drm/vc4: hvs: Reset muxes at probe time Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 134/452] drm/vc4: txp: Force alpha to be 0xff if its disabled Greg Kroah-Hartman
` (324 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maxime Ripard, Thomas Zimmermann,
Sasha Levin
From: Maxime Ripard <maxime@cerno.tech>
[ Upstream commit 234998df929f14d00cbf2f1e81a7facb69fd9266 ]
The TXP_VSTART_AT_EOF will generate a second VSTART signal to the HVS.
However, the HVS waits for VSTART to enable the FIFO and will thus start
filling the FIFO before the start of the frame.
This leads to corruption at the beginning of the first frame, and
content from the previous frame at the beginning of the next frames.
Since one VSTART is enough, let's get rid of it.
Fixes: 008095e065a8 ("drm/vc4: Add support for the transposer block")
Signed-off-by: Maxime Ripard <maxime@cerno.tech>
Acked-by: Thomas Zimmermann <tzimmermann@suse.de>
Link: https://lore.kernel.org/r/20220328153659.2382206-3-maxime@cerno.tech
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/vc4/vc4_txp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/vc4/vc4_txp.c b/drivers/gpu/drm/vc4/vc4_txp.c
index d13502ae973d..d4e750cf3c02 100644
--- a/drivers/gpu/drm/vc4/vc4_txp.c
+++ b/drivers/gpu/drm/vc4/vc4_txp.c
@@ -295,7 +295,7 @@ static void vc4_txp_connector_atomic_commit(struct drm_connector *conn,
if (WARN_ON(i == ARRAY_SIZE(drm_fmts)))
return;
- ctrl = TXP_GO | TXP_VSTART_AT_EOF | TXP_EI |
+ ctrl = TXP_GO | TXP_EI |
VC4_SET_FIELD(0xf, TXP_BYTE_ENABLE) |
VC4_SET_FIELD(txp_fmts[i], TXP_FORMAT);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 134/452] drm/vc4: txp: Force alpha to be 0xff if its disabled
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (132 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 133/452] drm/vc4: txp: Dont set TXP_VSTART_AT_EOF Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 135/452] libbpf: Dont error out on CO-RE relos for overriden weak subprogs Greg Kroah-Hartman
` (323 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maxime Ripard, Thomas Zimmermann,
Sasha Levin
From: Maxime Ripard <maxime@cerno.tech>
[ Upstream commit 5453343a88ede8b12812fced81ecd24cb888ccc3 ]
If we use a format that has padding instead of the alpha component (such
as XRGB8888), it appears that the Transposer will fill the padding to 0,
disregarding what was stored in the input buffer padding.
This leads to issues with IGT, since it will set the padding to 0xff,
but will then compare the CRC of the two frames which will thus fail.
Another nice side effect is that it is now possible to just use the
buffer as ARGB.
Fixes: 008095e065a8 ("drm/vc4: Add support for the transposer block")
Signed-off-by: Maxime Ripard <maxime@cerno.tech>
Acked-by: Thomas Zimmermann <tzimmermann@suse.de>
Link: https://lore.kernel.org/r/20220328153659.2382206-4-maxime@cerno.tech
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/vc4/vc4_txp.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/gpu/drm/vc4/vc4_txp.c b/drivers/gpu/drm/vc4/vc4_txp.c
index d4e750cf3c02..f8fa09dfea5d 100644
--- a/drivers/gpu/drm/vc4/vc4_txp.c
+++ b/drivers/gpu/drm/vc4/vc4_txp.c
@@ -301,6 +301,12 @@ static void vc4_txp_connector_atomic_commit(struct drm_connector *conn,
if (fb->format->has_alpha)
ctrl |= TXP_ALPHA_ENABLE;
+ else
+ /*
+ * If TXP_ALPHA_ENABLE isn't set and TXP_ALPHA_INVERT is, the
+ * hardware will force the output padding to be 0xff.
+ */
+ ctrl |= TXP_ALPHA_INVERT;
gem = drm_fb_cma_get_gem_obj(fb, 0);
TXP_WRITE(TXP_DST_PTR, gem->paddr + fb->offsets[0]);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 135/452] libbpf: Dont error out on CO-RE relos for overriden weak subprogs
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (133 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 134/452] drm/vc4: txp: Force alpha to be 0xff if its disabled Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 136/452] bpf: Fix excessive memory allocation in stack_map_alloc() Greg Kroah-Hartman
` (322 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andrii Nakryiko, Daniel Borkmann,
Sasha Levin
From: Andrii Nakryiko <andrii@kernel.org>
[ Upstream commit e89d57d938c8fa80c457982154ed6110804814fe ]
During BPF static linking, all the ELF relocations and .BTF.ext
information (including CO-RE relocations) are preserved for __weak
subprograms that were logically overriden by either previous weak
subprogram instance or by corresponding "strong" (non-weak) subprogram.
This is just how native user-space linkers work, nothing new.
But libbpf is over-zealous when processing CO-RE relocation to error out
when CO-RE relocation belonging to such eliminated weak subprogram is
encountered. Instead of erroring out on this expected situation, log
debug-level message and skip the relocation.
Fixes: db2b8b06423c ("libbpf: Support CO-RE relocations for multi-prog sections")
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/20220408181425.2287230-2-andrii@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/lib/bpf/libbpf.c | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
index 61df26f048d9..dda8f9cdc652 100644
--- a/tools/lib/bpf/libbpf.c
+++ b/tools/lib/bpf/libbpf.c
@@ -5945,10 +5945,17 @@ bpf_object__relocate_core(struct bpf_object *obj, const char *targ_btf_path)
insn_idx = rec->insn_off / BPF_INSN_SZ;
prog = find_prog_by_sec_insn(obj, sec_idx, insn_idx);
if (!prog) {
- pr_warn("sec '%s': failed to find program at insn #%d for CO-RE offset relocation #%d\n",
- sec_name, insn_idx, i);
- err = -EINVAL;
- goto out;
+ /* When __weak subprog is "overridden" by another instance
+ * of the subprog from a different object file, linker still
+ * appends all the .BTF.ext info that used to belong to that
+ * eliminated subprogram.
+ * This is similar to what x86-64 linker does for relocations.
+ * So just ignore such relocations just like we ignore
+ * subprog instructions when discovering subprograms.
+ */
+ pr_debug("sec '%s': skipping CO-RE relocation #%d for insn #%d belonging to eliminated weak subprogram\n",
+ sec_name, i, insn_idx);
+ continue;
}
/* no need to apply CO-RE relocation if the program is
* not going to be loaded
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 136/452] bpf: Fix excessive memory allocation in stack_map_alloc()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (134 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 135/452] libbpf: Dont error out on CO-RE relos for overriden weak subprogs Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-08 11:40 ` Pavel Machek
2022-06-07 16:59 ` [PATCH 5.10 137/452] nl80211: show SSID for P2P_GO interfaces Greg Kroah-Hartman
` (321 subsequent siblings)
457 siblings, 1 reply; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yuntao Wang, Daniel Borkmann, Sasha Levin
From: Yuntao Wang <ytcoode@gmail.com>
[ Upstream commit b45043192b3e481304062938a6561da2ceea46a6 ]
The 'n_buckets * (value_size + sizeof(struct stack_map_bucket))' part of the
allocated memory for 'smap' is never used after the memlock accounting was
removed, thus get rid of it.
[ Note, Daniel:
Commit b936ca643ade ("bpf: rework memlock-based memory accounting for maps")
moved `cost += n_buckets * (value_size + sizeof(struct stack_map_bucket))`
up and therefore before the bpf_map_area_alloc() allocation, sigh. In a later
step commit c85d69135a91 ("bpf: move memory size checks to bpf_map_charge_init()"),
and the overflow checks of `cost >= U32_MAX - PAGE_SIZE` moved into
bpf_map_charge_init(). And then 370868107bf6 ("bpf: Eliminate rlimit-based
memory accounting for stackmap maps") finally removed the bpf_map_charge_init().
Anyway, the original code did the allocation same way as /after/ this fix. ]
Fixes: b936ca643ade ("bpf: rework memlock-based memory accounting for maps")
Signed-off-by: Yuntao Wang <ytcoode@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/20220407130423.798386-1-ytcoode@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/bpf/stackmap.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/kernel/bpf/stackmap.c b/kernel/bpf/stackmap.c
index 4575d2d60cb1..c19e669afba0 100644
--- a/kernel/bpf/stackmap.c
+++ b/kernel/bpf/stackmap.c
@@ -121,7 +121,6 @@ static struct bpf_map *stack_map_alloc(union bpf_attr *attr)
return ERR_PTR(-E2BIG);
cost = n_buckets * sizeof(struct stack_map_bucket *) + sizeof(*smap);
- cost += n_buckets * (value_size + sizeof(struct stack_map_bucket));
err = bpf_map_charge_init(&mem, cost);
if (err)
return ERR_PTR(err);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 137/452] nl80211: show SSID for P2P_GO interfaces
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (135 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 136/452] bpf: Fix excessive memory allocation in stack_map_alloc() Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 138/452] drm/komeda: Fix an undefined behavior bug in komeda_plane_add() Greg Kroah-Hartman
` (320 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Johannes Berg, Sasha Levin
From: Johannes Berg <johannes.berg@intel.com>
[ Upstream commit a75971bc2b8453630e9f85e0beaa4da8db8277a3 ]
There's no real reason not to send the SSID to userspace
when it requests information about P2P_GO, it is, in that
respect, exactly the same as AP interfaces. Fix that.
Fixes: 44905265bc15 ("nl80211: don't expose wdev->ssid for most interfaces")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Link: https://lore.kernel.org/r/20220318134656.14354ae223f0.Ia25e85a512281b92e1645d4160766a4b1a471597@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/wireless/nl80211.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index f8d5f35cfc66..8a7f0c8fba5e 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -3485,6 +3485,7 @@ static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flag
wdev_lock(wdev);
switch (wdev->iftype) {
case NL80211_IFTYPE_AP:
+ case NL80211_IFTYPE_P2P_GO:
if (wdev->ssid_len &&
nla_put(msg, NL80211_ATTR_SSID, wdev->ssid_len, wdev->ssid))
goto nla_put_failure_locked;
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 138/452] drm/komeda: Fix an undefined behavior bug in komeda_plane_add()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (136 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 137/452] nl80211: show SSID for P2P_GO interfaces Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 139/452] drm: mali-dp: potential dereference of null pointer Greg Kroah-Hartman
` (319 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhou Qingyang, Liviu Dudau, Sasha Levin
From: Zhou Qingyang <zhou1615@umn.edu>
[ Upstream commit f5e284bb74ab296f98122673c7ecd22028b2c200 ]
In komeda_plane_add(), komeda_get_layer_fourcc_list() is assigned to
formats and used in drm_universal_plane_init().
drm_universal_plane_init() passes formats to
__drm_universal_plane_init(). __drm_universal_plane_init() further
passes formats to memcpy() as src parameter, which could lead to an
undefined behavior bug on failure of komeda_get_layer_fourcc_list().
Fix this bug by adding a check of formats.
This bug was found by a static analyzer. The analysis employs
differential checking to identify inconsistent security operations
(e.g., checks or kfrees) between two code paths and confirms that the
inconsistent operations are not recovered in the current function or
the callers, so they constitute bugs.
Note that, as a bug found by static analysis, it can be a false
positive or hard to trigger. Multiple researchers have cross-reviewed
the bug.
Builds with CONFIG_DRM_KOMEDA=m show no new warnings,
and our static analyzer no longer warns about this code.
Fixes: 61f1c4a8ab75 ("drm/komeda: Attach komeda_dev to DRM-KMS")
Signed-off-by: Zhou Qingyang <zhou1615@umn.edu>
Signed-off-by: Liviu Dudau <liviu.dudau@arm.com>
Link: https://lore.kernel.org/dri-devel/20211201033704.32054-1-zhou1615@umn.edu
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/arm/display/komeda/komeda_plane.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/gpu/drm/arm/display/komeda/komeda_plane.c b/drivers/gpu/drm/arm/display/komeda/komeda_plane.c
index a5f57b38d193..bc3f42e915e9 100644
--- a/drivers/gpu/drm/arm/display/komeda/komeda_plane.c
+++ b/drivers/gpu/drm/arm/display/komeda/komeda_plane.c
@@ -264,6 +264,10 @@ static int komeda_plane_add(struct komeda_kms_dev *kms,
formats = komeda_get_layer_fourcc_list(&mdev->fmt_tbl,
layer->layer_type, &n_formats);
+ if (!formats) {
+ kfree(kplane);
+ return -ENOMEM;
+ }
err = drm_universal_plane_init(&kms->base, plane,
get_possible_crtcs(kms, c->pipeline),
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 139/452] drm: mali-dp: potential dereference of null pointer
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (137 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 138/452] drm/komeda: Fix an undefined behavior bug in komeda_plane_add() Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 140/452] spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout Greg Kroah-Hartman
` (318 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiasheng Jiang, Brian Starkey,
Liviu Dudau, Sasha Levin
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
[ Upstream commit 73c3ed7495c67b8fbdc31cf58e6ca8757df31a33 ]
The return value of kzalloc() needs to be checked.
To avoid use of null pointer '&state->base' in case of the
failure of alloc.
Fixes: 99665d072183 ("drm: mali-dp: add malidp_crtc_state struct")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Brian Starkey <brian.starkey@arm.com>
Signed-off-by: Liviu Dudau <liviu.dudau@arm.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20211214100837.46912-1-jiasheng@iscas.ac.cn
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/arm/malidp_crtc.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/arm/malidp_crtc.c b/drivers/gpu/drm/arm/malidp_crtc.c
index 587d94798f5c..af729094260c 100644
--- a/drivers/gpu/drm/arm/malidp_crtc.c
+++ b/drivers/gpu/drm/arm/malidp_crtc.c
@@ -483,7 +483,10 @@ static void malidp_crtc_reset(struct drm_crtc *crtc)
if (crtc->state)
malidp_crtc_destroy_state(crtc, crtc->state);
- __drm_atomic_helper_crtc_reset(crtc, &state->base);
+ if (state)
+ __drm_atomic_helper_crtc_reset(crtc, &state->base);
+ else
+ __drm_atomic_helper_crtc_reset(crtc, NULL);
}
static int malidp_crtc_enable_vblank(struct drm_crtc *crtc)
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 140/452] spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (138 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 139/452] drm: mali-dp: potential dereference of null pointer Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 141/452] scftorture: Fix distribution of short handler delays Greg Kroah-Hartman
` (317 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Mark Brown, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 8b1ea69a63eb62f97cef63e6d816b64ed84e8760 ]
wait_for_completion_timeout() returns unsigned long not int.
It returns 0 if timed out, and positive if completed.
The check for <= 0 is ambiguous and should be == 0 here
indicating timeout which is the only error case.
Fixes: 5720ec0a6d26 ("spi: spi-ti-qspi: Add DMA support for QSPI mmap read")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Link: https://lore.kernel.org/r/20220411111034.24447-1-linmq006@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-ti-qspi.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/spi/spi-ti-qspi.c b/drivers/spi/spi-ti-qspi.c
index e06aafe169e0..081da1fd3fd7 100644
--- a/drivers/spi/spi-ti-qspi.c
+++ b/drivers/spi/spi-ti-qspi.c
@@ -448,6 +448,7 @@ static int ti_qspi_dma_xfer(struct ti_qspi *qspi, dma_addr_t dma_dst,
enum dma_ctrl_flags flags = DMA_CTRL_ACK | DMA_PREP_INTERRUPT;
struct dma_async_tx_descriptor *tx;
int ret;
+ unsigned long time_left;
tx = dmaengine_prep_dma_memcpy(chan, dma_dst, dma_src, len, flags);
if (!tx) {
@@ -467,9 +468,9 @@ static int ti_qspi_dma_xfer(struct ti_qspi *qspi, dma_addr_t dma_dst,
}
dma_async_issue_pending(chan);
- ret = wait_for_completion_timeout(&qspi->transfer_complete,
+ time_left = wait_for_completion_timeout(&qspi->transfer_complete,
msecs_to_jiffies(len));
- if (ret <= 0) {
+ if (time_left == 0) {
dmaengine_terminate_sync(chan);
dev_err(qspi->dev, "DMA wait_for_completion_timeout\n");
return -ETIMEDOUT;
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 141/452] scftorture: Fix distribution of short handler delays
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (139 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 140/452] spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 142/452] net: dsa: mt7530: 1G can also support 1000BASE-X link mode Greg Kroah-Hartman
` (316 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Paul E. McKenney, Sasha Levin
From: Paul E. McKenney <paulmck@kernel.org>
[ Upstream commit 8106bddbab5f0ba180e6d693c7c1fc6926d57caa ]
The scftorture test module's scf_handler() function is supposed to provide
three different distributions of short delays (including "no delay") and
one distribution of long delays, if specified by the scftorture.longwait
module parameter. However, the second of the two non-zero-wait short delays
is disabled due to the first such delay's "goto out" not being enclosed in
the "then" clause with the "udelay()".
This commit therefore adjusts the code to provide the intended set of
delays.
Fixes: e9d338a0b179 ("scftorture: Add smp_call_function() torture test")
Signed-off-by: Paul E. McKenney <paulmck@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/scftorture.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/kernel/scftorture.c b/kernel/scftorture.c
index 554a521ee235..060ee0b1569a 100644
--- a/kernel/scftorture.c
+++ b/kernel/scftorture.c
@@ -253,9 +253,10 @@ static void scf_handler(void *scfc_in)
}
this_cpu_inc(scf_invoked_count);
if (longwait <= 0) {
- if (!(r & 0xffc0))
+ if (!(r & 0xffc0)) {
udelay(r & 0x3f);
- goto out;
+ goto out;
+ }
}
if (r & 0xfff)
goto out;
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 142/452] net: dsa: mt7530: 1G can also support 1000BASE-X link mode
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (140 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 141/452] scftorture: Fix distribution of short handler delays Greg Kroah-Hartman
@ 2022-06-07 16:59 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 143/452] NFC: NULL out the dev->rfkill to prevent UAF Greg Kroah-Hartman
` (315 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 16:59 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Marek Behún,
Russell King (Oracle),
Paolo Abeni, Sasha Levin
From: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
[ Upstream commit 66f862563ed68717dfd84e808ca12705ed275ced ]
When using an external PHY connected using RGMII to mt7531 port 5, the
PHY can be used to used support 1000BASE-X connections. Moreover, if
1000BASE-T is supported, then we should allow 1000BASE-X as well, since
which are supported is a property of the PHY.
Therefore, it makes no sense to exclude this from the linkmodes when
1000BASE-T is supported.
Fixes: c288575f7810 ("net: dsa: mt7530: Add the support of MT7531 switch")
Tested-by: Marek Behún <kabel@kernel.org>
Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/dsa/mt7530.c | 14 ++++----------
1 file changed, 4 insertions(+), 10 deletions(-)
diff --git a/drivers/net/dsa/mt7530.c b/drivers/net/dsa/mt7530.c
index c355824ddb81..265620a81f9f 100644
--- a/drivers/net/dsa/mt7530.c
+++ b/drivers/net/dsa/mt7530.c
@@ -1952,13 +1952,7 @@ static void mt7531_sgmii_validate(struct mt7530_priv *priv, int port,
/* Port5 supports ethier RGMII or SGMII.
* Port6 supports SGMII only.
*/
- switch (port) {
- case 5:
- if (mt7531_is_rgmii_port(priv, port))
- break;
- fallthrough;
- case 6:
- phylink_set(supported, 1000baseX_Full);
+ if (port == 6) {
phylink_set(supported, 2500baseX_Full);
phylink_set(supported, 2500baseT_Full);
}
@@ -2315,8 +2309,6 @@ static void
mt7530_mac_port_validate(struct dsa_switch *ds, int port,
unsigned long *supported)
{
- if (port == 5)
- phylink_set(supported, 1000baseX_Full);
}
static void mt7531_mac_port_validate(struct dsa_switch *ds, int port,
@@ -2353,8 +2345,10 @@ mt753x_phylink_validate(struct dsa_switch *ds, int port,
}
/* This switch only supports 1G full-duplex. */
- if (state->interface != PHY_INTERFACE_MODE_MII)
+ if (state->interface != PHY_INTERFACE_MODE_MII) {
phylink_set(mask, 1000baseT_Full);
+ phylink_set(mask, 1000baseX_Full);
+ }
priv->info->mac_port_validate(ds, port, mask);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 143/452] NFC: NULL out the dev->rfkill to prevent UAF
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (141 preceding siblings ...)
2022-06-07 16:59 ` [PATCH 5.10 142/452] net: dsa: mt7530: 1G can also support 1000BASE-X link mode Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 144/452] efi: Add missing prototype for efi_capsule_setup_info Greg Kroah-Hartman
` (314 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lin Ma, Krzysztof Kozlowski,
David S. Miller, Sasha Levin
From: Lin Ma <linma@zju.edu.cn>
[ Upstream commit 1b0e81416a24d6e9b8c2341e22e8bf48f8b8bfc9 ]
Commit 3e3b5dfcd16a ("NFC: reorder the logic in nfc_{un,}register_device")
assumes the device_is_registered() in function nfc_dev_up() will help
to check when the rfkill is unregistered. However, this check only
take effect when device_del(&dev->dev) is done in nfc_unregister_device().
Hence, the rfkill object is still possible be dereferenced.
The crash trace in latest kernel (5.18-rc2):
[ 68.760105] ==================================================================
[ 68.760330] BUG: KASAN: use-after-free in __lock_acquire+0x3ec1/0x6750
[ 68.760756] Read of size 8 at addr ffff888009c93018 by task fuzz/313
[ 68.760756]
[ 68.760756] CPU: 0 PID: 313 Comm: fuzz Not tainted 5.18.0-rc2 #4
[ 68.760756] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 68.760756] Call Trace:
[ 68.760756] <TASK>
[ 68.760756] dump_stack_lvl+0x57/0x7d
[ 68.760756] print_report.cold+0x5e/0x5db
[ 68.760756] ? __lock_acquire+0x3ec1/0x6750
[ 68.760756] kasan_report+0xbe/0x1c0
[ 68.760756] ? __lock_acquire+0x3ec1/0x6750
[ 68.760756] __lock_acquire+0x3ec1/0x6750
[ 68.760756] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 68.760756] ? register_lock_class+0x18d0/0x18d0
[ 68.760756] lock_acquire+0x1ac/0x4f0
[ 68.760756] ? rfkill_blocked+0xe/0x60
[ 68.760756] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 68.760756] ? mutex_lock_io_nested+0x12c0/0x12c0
[ 68.760756] ? nla_get_range_signed+0x540/0x540
[ 68.760756] ? _raw_spin_lock_irqsave+0x4e/0x50
[ 68.760756] _raw_spin_lock_irqsave+0x39/0x50
[ 68.760756] ? rfkill_blocked+0xe/0x60
[ 68.760756] rfkill_blocked+0xe/0x60
[ 68.760756] nfc_dev_up+0x84/0x260
[ 68.760756] nfc_genl_dev_up+0x90/0xe0
[ 68.760756] genl_family_rcv_msg_doit+0x1f4/0x2f0
[ 68.760756] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x230/0x230
[ 68.760756] ? security_capable+0x51/0x90
[ 68.760756] genl_rcv_msg+0x280/0x500
[ 68.760756] ? genl_get_cmd+0x3c0/0x3c0
[ 68.760756] ? lock_acquire+0x1ac/0x4f0
[ 68.760756] ? nfc_genl_dev_down+0xe0/0xe0
[ 68.760756] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 68.760756] netlink_rcv_skb+0x11b/0x340
[ 68.760756] ? genl_get_cmd+0x3c0/0x3c0
[ 68.760756] ? netlink_ack+0x9c0/0x9c0
[ 68.760756] ? netlink_deliver_tap+0x136/0xb00
[ 68.760756] genl_rcv+0x1f/0x30
[ 68.760756] netlink_unicast+0x430/0x710
[ 68.760756] ? memset+0x20/0x40
[ 68.760756] ? netlink_attachskb+0x740/0x740
[ 68.760756] ? __build_skb_around+0x1f4/0x2a0
[ 68.760756] netlink_sendmsg+0x75d/0xc00
[ 68.760756] ? netlink_unicast+0x710/0x710
[ 68.760756] ? netlink_unicast+0x710/0x710
[ 68.760756] sock_sendmsg+0xdf/0x110
[ 68.760756] __sys_sendto+0x19e/0x270
[ 68.760756] ? __ia32_sys_getpeername+0xa0/0xa0
[ 68.760756] ? fd_install+0x178/0x4c0
[ 68.760756] ? fd_install+0x195/0x4c0
[ 68.760756] ? kernel_fpu_begin_mask+0x1c0/0x1c0
[ 68.760756] __x64_sys_sendto+0xd8/0x1b0
[ 68.760756] ? lockdep_hardirqs_on+0xbf/0x130
[ 68.760756] ? syscall_enter_from_user_mode+0x1d/0x50
[ 68.760756] do_syscall_64+0x3b/0x90
[ 68.760756] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 68.760756] RIP: 0033:0x7f67fb50e6b3
...
[ 68.760756] RSP: 002b:00007f67fa91fe90 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[ 68.760756] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f67fb50e6b3
[ 68.760756] RDX: 000000000000001c RSI: 0000559354603090 RDI: 0000000000000003
[ 68.760756] RBP: 00007f67fa91ff00 R08: 00007f67fa91fedc R09: 000000000000000c
[ 68.760756] R10: 0000000000000000 R11: 0000000000000293 R12: 00007ffe824d496e
[ 68.760756] R13: 00007ffe824d496f R14: 00007f67fa120000 R15: 0000000000000003
[ 68.760756] </TASK>
[ 68.760756]
[ 68.760756] Allocated by task 279:
[ 68.760756] kasan_save_stack+0x1e/0x40
[ 68.760756] __kasan_kmalloc+0x81/0xa0
[ 68.760756] rfkill_alloc+0x7f/0x280
[ 68.760756] nfc_register_device+0xa3/0x1a0
[ 68.760756] nci_register_device+0x77a/0xad0
[ 68.760756] nfcmrvl_nci_register_dev+0x20b/0x2c0
[ 68.760756] nfcmrvl_nci_uart_open+0xf2/0x1dd
[ 68.760756] nci_uart_tty_ioctl+0x2c3/0x4a0
[ 68.760756] tty_ioctl+0x764/0x1310
[ 68.760756] __x64_sys_ioctl+0x122/0x190
[ 68.760756] do_syscall_64+0x3b/0x90
[ 68.760756] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 68.760756]
[ 68.760756] Freed by task 314:
[ 68.760756] kasan_save_stack+0x1e/0x40
[ 68.760756] kasan_set_track+0x21/0x30
[ 68.760756] kasan_set_free_info+0x20/0x30
[ 68.760756] __kasan_slab_free+0x108/0x170
[ 68.760756] kfree+0xb0/0x330
[ 68.760756] device_release+0x96/0x200
[ 68.760756] kobject_put+0xf9/0x1d0
[ 68.760756] nfc_unregister_device+0x77/0x190
[ 68.760756] nfcmrvl_nci_unregister_dev+0x88/0xd0
[ 68.760756] nci_uart_tty_close+0xdf/0x180
[ 68.760756] tty_ldisc_kill+0x73/0x110
[ 68.760756] tty_ldisc_hangup+0x281/0x5b0
[ 68.760756] __tty_hangup.part.0+0x431/0x890
[ 68.760756] tty_release+0x3a8/0xc80
[ 68.760756] __fput+0x1f0/0x8c0
[ 68.760756] task_work_run+0xc9/0x170
[ 68.760756] exit_to_user_mode_prepare+0x194/0x1a0
[ 68.760756] syscall_exit_to_user_mode+0x19/0x50
[ 68.760756] do_syscall_64+0x48/0x90
[ 68.760756] entry_SYSCALL_64_after_hwframe+0x44/0xae
This patch just add the null out of dev->rfkill to make sure such
dereference cannot happen. This is safe since the device_lock() already
protect the check/write from data race.
Fixes: 3e3b5dfcd16a ("NFC: reorder the logic in nfc_{un,}register_device")
Signed-off-by: Lin Ma <linma@zju.edu.cn>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/nfc/core.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/nfc/core.c b/net/nfc/core.c
index 3b2983813ff1..2ef56366bd5f 100644
--- a/net/nfc/core.c
+++ b/net/nfc/core.c
@@ -1158,6 +1158,7 @@ void nfc_unregister_device(struct nfc_dev *dev)
if (dev->rfkill) {
rfkill_unregister(dev->rfkill);
rfkill_destroy(dev->rfkill);
+ dev->rfkill = NULL;
}
dev->shutting_down = true;
device_unlock(&dev->dev);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 144/452] efi: Add missing prototype for efi_capsule_setup_info
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (142 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 143/452] NFC: NULL out the dev->rfkill to prevent UAF Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 145/452] target: remove an incorrect unmap zeroes data deduction Greg Kroah-Hartman
` (313 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jan Kiszka, Ard Biesheuvel, Sasha Levin
From: Jan Kiszka <jan.kiszka@siemens.com>
[ Upstream commit aa480379d8bdb33920d68acfd90f823c8af32578 ]
Fixes "no previous declaration for 'efi_capsule_setup_info'" warnings
under W=1.
Fixes: 2959c95d510c ("efi/capsule: Add support for Quark security header")
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Link: https://lore.kernel.org/r/c28d3f86-dd72-27d1-e2c2-40971b8da6bd@siemens.com
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/efi.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/include/linux/efi.h b/include/linux/efi.h
index e17cd4c44f93..3bac68fb7ff1 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -167,6 +167,8 @@ struct capsule_info {
size_t page_bytes_remain;
};
+int efi_capsule_setup_info(struct capsule_info *cap_info, void *kbuff,
+ size_t hdr_bytes);
int __efi_capsule_setup_info(struct capsule_info *cap_info);
typedef int (*efi_freemem_callback_t) (u64 start, u64 end, void *arg);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 145/452] target: remove an incorrect unmap zeroes data deduction
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (143 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 144/452] efi: Add missing prototype for efi_capsule_setup_info Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 146/452] drbd: fix duplicate array initializer Greg Kroah-Hartman
` (312 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christoph Hellwig,
Martin K. Petersen, Chaitanya Kulkarni, Jens Axboe, Sasha Levin
From: Christoph Hellwig <hch@lst.de>
[ Upstream commit 179d8609d8424529e95021df939ed7b0b82b37f1 ]
For block devices, the SCSI target drivers implements UNMAP as calls to
blkdev_issue_discard, which does not guarantee zeroing just because
Write Zeroes is supported.
Note that this does not affect the file backed path which uses
fallocate to punch holes.
Fixes: 2237498f0b5c ("target/iblock: Convert WRITE_SAME to blkdev_issue_zeroout")
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com>
Reviewed-by: Chaitanya Kulkarni <kch@nvidia.com>
Link: https://lore.kernel.org/r/20220415045258.199825-2-hch@lst.de
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/target/target_core_device.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c
index 109f019d2148..1eded5c4ebda 100644
--- a/drivers/target/target_core_device.c
+++ b/drivers/target/target_core_device.c
@@ -831,7 +831,6 @@ bool target_configure_unmap_from_queue(struct se_dev_attrib *attrib,
attrib->unmap_granularity = q->limits.discard_granularity / block_size;
attrib->unmap_granularity_alignment = q->limits.discard_alignment /
block_size;
- attrib->unmap_zeroes_data = !!(q->limits.max_write_zeroes_sectors);
return true;
}
EXPORT_SYMBOL(target_configure_unmap_from_queue);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 146/452] drbd: fix duplicate array initializer
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (144 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 145/452] target: remove an incorrect unmap zeroes data deduction Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 147/452] EDAC/dmc520: Dont print an error for each unconfigured interrupt line Greg Kroah-Hartman
` (311 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Arnd Bergmann,
Christoph Böhmwalder, Jens Axboe, Sasha Levin
From: Arnd Bergmann <arnd@arndb.de>
[ Upstream commit 33cb0917bbe241dd17a2b87ead63514c1b7e5615 ]
There are two initializers for P_RETRY_WRITE:
drivers/block/drbd/drbd_main.c:3676:22: warning: initialized field overwritten [-Woverride-init]
Remove the first one since it was already ignored by the compiler
and reorder the list to match the enum definition. As P_ZEROES had
no entry, add that one instead.
Fixes: 036b17eaab93 ("drbd: Receiving part for the PROTOCOL_UPDATE packet")
Fixes: f31e583aa2c2 ("drbd: introduce P_ZEROES (REQ_OP_WRITE_ZEROES on the "wire")")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Christoph Böhmwalder <christoph.boehmwalder@linbit.com>
Link: https://lore.kernel.org/r/20220406190715.1938174-2-christoph.boehmwalder@linbit.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/block/drbd/drbd_main.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/drivers/block/drbd/drbd_main.c b/drivers/block/drbd/drbd_main.c
index 3cdbd81f983f..407527ff6b1f 100644
--- a/drivers/block/drbd/drbd_main.c
+++ b/drivers/block/drbd/drbd_main.c
@@ -3631,9 +3631,8 @@ const char *cmdname(enum drbd_packet cmd)
* when we want to support more than
* one PRO_VERSION */
static const char *cmdnames[] = {
+
[P_DATA] = "Data",
- [P_WSAME] = "WriteSame",
- [P_TRIM] = "Trim",
[P_DATA_REPLY] = "DataReply",
[P_RS_DATA_REPLY] = "RSDataReply",
[P_BARRIER] = "Barrier",
@@ -3644,7 +3643,6 @@ const char *cmdname(enum drbd_packet cmd)
[P_DATA_REQUEST] = "DataRequest",
[P_RS_DATA_REQUEST] = "RSDataRequest",
[P_SYNC_PARAM] = "SyncParam",
- [P_SYNC_PARAM89] = "SyncParam89",
[P_PROTOCOL] = "ReportProtocol",
[P_UUIDS] = "ReportUUIDs",
[P_SIZES] = "ReportSizes",
@@ -3652,6 +3650,7 @@ const char *cmdname(enum drbd_packet cmd)
[P_SYNC_UUID] = "ReportSyncUUID",
[P_AUTH_CHALLENGE] = "AuthChallenge",
[P_AUTH_RESPONSE] = "AuthResponse",
+ [P_STATE_CHG_REQ] = "StateChgRequest",
[P_PING] = "Ping",
[P_PING_ACK] = "PingAck",
[P_RECV_ACK] = "RecvAck",
@@ -3662,24 +3661,26 @@ const char *cmdname(enum drbd_packet cmd)
[P_NEG_DREPLY] = "NegDReply",
[P_NEG_RS_DREPLY] = "NegRSDReply",
[P_BARRIER_ACK] = "BarrierAck",
- [P_STATE_CHG_REQ] = "StateChgRequest",
[P_STATE_CHG_REPLY] = "StateChgReply",
[P_OV_REQUEST] = "OVRequest",
[P_OV_REPLY] = "OVReply",
[P_OV_RESULT] = "OVResult",
[P_CSUM_RS_REQUEST] = "CsumRSRequest",
[P_RS_IS_IN_SYNC] = "CsumRSIsInSync",
+ [P_SYNC_PARAM89] = "SyncParam89",
[P_COMPRESSED_BITMAP] = "CBitmap",
[P_DELAY_PROBE] = "DelayProbe",
[P_OUT_OF_SYNC] = "OutOfSync",
- [P_RETRY_WRITE] = "RetryWrite",
[P_RS_CANCEL] = "RSCancel",
[P_CONN_ST_CHG_REQ] = "conn_st_chg_req",
[P_CONN_ST_CHG_REPLY] = "conn_st_chg_reply",
[P_RETRY_WRITE] = "retry_write",
[P_PROTOCOL_UPDATE] = "protocol_update",
+ [P_TRIM] = "Trim",
[P_RS_THIN_REQ] = "rs_thin_req",
[P_RS_DEALLOCATED] = "rs_deallocated",
+ [P_WSAME] = "WriteSame",
+ [P_ZEROES] = "Zeroes",
/* enum drbd_packet, but not commands - obsoleted flags:
* P_MAY_IGNORE
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 147/452] EDAC/dmc520: Dont print an error for each unconfigured interrupt line
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (145 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 146/452] drbd: fix duplicate array initializer Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 148/452] mtd: rawnand: denali: Use managed device resources Greg Kroah-Hartman
` (310 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sinan Kaya, Tyler Hicks,
Borislav Petkov, Sasha Levin
From: Tyler Hicks <tyhicks@linux.microsoft.com>
[ Upstream commit ad2df24732e8956a45a00894d2163c4ee8fb0e1f ]
The dmc520 driver requires that at least one interrupt line, out of the
ten possible, is configured. The driver prints an error and returns
-EINVAL from its .probe function if there are no interrupt lines
configured.
Don't print a KERN_ERR level message for each interrupt line that's
unconfigured as that can confuse users into thinking that there is an
error condition.
Before this change, the following KERN_ERR level messages would be
reported if only dram_ecc_errc and dram_ecc_errd were configured in the
device tree:
dmc520 68000000.dmc: IRQ ram_ecc_errc not found
dmc520 68000000.dmc: IRQ ram_ecc_errd not found
dmc520 68000000.dmc: IRQ failed_access not found
dmc520 68000000.dmc: IRQ failed_prog not found
dmc520 68000000.dmc: IRQ link_err not
dmc520 68000000.dmc: IRQ temperature_event not found
dmc520 68000000.dmc: IRQ arch_fsm not found
dmc520 68000000.dmc: IRQ phy_request not found
Fixes: 1088750d7839 ("EDAC: Add EDAC driver for DMC520")
Reported-by: Sinan Kaya <okaya@kernel.org>
Signed-off-by: Tyler Hicks <tyhicks@linux.microsoft.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lore.kernel.org/r/20220111163800.22362-1-tyhicks@linux.microsoft.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/edac/dmc520_edac.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/edac/dmc520_edac.c b/drivers/edac/dmc520_edac.c
index b8a7d9594afd..1fa5ca57e9ec 100644
--- a/drivers/edac/dmc520_edac.c
+++ b/drivers/edac/dmc520_edac.c
@@ -489,7 +489,7 @@ static int dmc520_edac_probe(struct platform_device *pdev)
dev = &pdev->dev;
for (idx = 0; idx < NUMBER_OF_IRQS; idx++) {
- irq = platform_get_irq_byname(pdev, dmc520_irq_configs[idx].name);
+ irq = platform_get_irq_byname_optional(pdev, dmc520_irq_configs[idx].name);
irqs[idx] = irq;
masks[idx] = dmc520_irq_configs[idx].mask;
if (irq >= 0) {
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 148/452] mtd: rawnand: denali: Use managed device resources
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (146 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 147/452] EDAC/dmc520: Dont print an error for each unconfigured interrupt line Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 149/452] HID: hid-led: fix maximum brightness for Dream Cheeky Greg Kroah-Hartman
` (309 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zheyu Ma, Miquel Raynal, Sasha Levin
From: Zheyu Ma <zheyuma97@gmail.com>
[ Upstream commit 3a745b51cddafade99aaea1b93aad31e9614e230 ]
All of the resources used by this driver has managed interfaces, so use
them. Otherwise we will get the following splat:
[ 4.472703] denali-nand-pci 0000:00:05.0: timeout while waiting for irq 0x1000
[ 4.474071] denali-nand-pci: probe of 0000:00:05.0 failed with error -5
[ 4.473538] nand: No NAND device found
[ 4.474068] BUG: unable to handle page fault for address: ffffc90005000410
[ 4.475169] #PF: supervisor write access in kernel mode
[ 4.475579] #PF: error_code(0x0002) - not-present page
[ 4.478362] RIP: 0010:iowrite32+0x9/0x50
[ 4.486068] Call Trace:
[ 4.486269] <IRQ>
[ 4.486443] denali_isr+0x15b/0x300 [denali]
[ 4.486788] ? denali_direct_write+0x50/0x50 [denali]
[ 4.487189] __handle_irq_event_percpu+0x161/0x3b0
[ 4.487571] handle_irq_event+0x7d/0x1b0
[ 4.487884] handle_fasteoi_irq+0x2b0/0x770
[ 4.488219] __common_interrupt+0xc8/0x1b0
[ 4.488549] common_interrupt+0x9a/0xc0
Fixes: 93db446a424c ("mtd: nand: move raw NAND related code to the raw/ subdir")
Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20220411125808.958276-1-zheyuma97@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mtd/nand/raw/denali_pci.c | 15 ++++-----------
1 file changed, 4 insertions(+), 11 deletions(-)
diff --git a/drivers/mtd/nand/raw/denali_pci.c b/drivers/mtd/nand/raw/denali_pci.c
index 20c085a30adc..de7e722d3826 100644
--- a/drivers/mtd/nand/raw/denali_pci.c
+++ b/drivers/mtd/nand/raw/denali_pci.c
@@ -74,22 +74,21 @@ static int denali_pci_probe(struct pci_dev *dev, const struct pci_device_id *id)
return ret;
}
- denali->reg = ioremap(csr_base, csr_len);
+ denali->reg = devm_ioremap(denali->dev, csr_base, csr_len);
if (!denali->reg) {
dev_err(&dev->dev, "Spectra: Unable to remap memory region\n");
return -ENOMEM;
}
- denali->host = ioremap(mem_base, mem_len);
+ denali->host = devm_ioremap(denali->dev, mem_base, mem_len);
if (!denali->host) {
dev_err(&dev->dev, "Spectra: ioremap failed!");
- ret = -ENOMEM;
- goto out_unmap_reg;
+ return -ENOMEM;
}
ret = denali_init(denali);
if (ret)
- goto out_unmap_host;
+ return ret;
nsels = denali->nbanks;
@@ -117,10 +116,6 @@ static int denali_pci_probe(struct pci_dev *dev, const struct pci_device_id *id)
out_remove_denali:
denali_remove(denali);
-out_unmap_host:
- iounmap(denali->host);
-out_unmap_reg:
- iounmap(denali->reg);
return ret;
}
@@ -129,8 +124,6 @@ static void denali_pci_remove(struct pci_dev *dev)
struct denali_controller *denali = pci_get_drvdata(dev);
denali_remove(denali);
- iounmap(denali->reg);
- iounmap(denali->host);
}
static struct pci_driver denali_pci_driver = {
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 149/452] HID: hid-led: fix maximum brightness for Dream Cheeky
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (147 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 148/452] mtd: rawnand: denali: Use managed device resources Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 150/452] HID: elan: Fix potential double free in elan_input_configured Greg Kroah-Hartman
` (308 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jonathan Teh, Jiri Kosina, Sasha Levin
From: Jonathan Teh <jonathan.teh@outlook.com>
[ Upstream commit 116c3f4a78ebe478d5ad5a038baf931e93e7d748 ]
Increase maximum brightness for Dream Cheeky to 63. Emperically
determined based on testing in kernel 4.4 on this device:
Bus 003 Device 002: ID 1d34:0004 Dream Cheeky Webmail Notifier
Fixes: 6c7ad07e9e05 ("HID: migrate USB LED driver from usb misc to hid")
Signed-off-by: Jonathan Teh <jonathan.teh@outlook.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hid/hid-led.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/hid/hid-led.c b/drivers/hid/hid-led.c
index c2c66ceca132..7d82f8d426bb 100644
--- a/drivers/hid/hid-led.c
+++ b/drivers/hid/hid-led.c
@@ -366,7 +366,7 @@ static const struct hidled_config hidled_configs[] = {
.type = DREAM_CHEEKY,
.name = "Dream Cheeky Webmail Notifier",
.short_name = "dream_cheeky",
- .max_brightness = 31,
+ .max_brightness = 63,
.num_leds = 1,
.report_size = 9,
.report_type = RAW_REQUEST,
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 150/452] HID: elan: Fix potential double free in elan_input_configured
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (148 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 149/452] HID: hid-led: fix maximum brightness for Dream Cheeky Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 151/452] drm/bridge: Fix error handling in analogix_dp_probe Greg Kroah-Hartman
` (307 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Benjamin Tissoires,
Jiri Kosina, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 1af20714fedad238362571620be0bd690ded05b6 ]
'input' is a managed resource allocated with devm_input_allocate_device(),
so there is no need to call input_free_device() explicitly or
there will be a double free.
According to the doc of devm_input_allocate_device():
* Managed input devices do not need to be explicitly unregistered or
* freed as it will be done automatically when owner device unbinds from
* its driver (or binding fails).
Fixes: b7429ea53d6c ("HID: elan: Fix memleak in elan_input_configured")
Fixes: 9a6a4193d65b ("HID: Add driver for USB ELAN Touchpad")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Acked-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hid/hid-elan.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/drivers/hid/hid-elan.c b/drivers/hid/hid-elan.c
index 0e8f424025fe..838673303f77 100644
--- a/drivers/hid/hid-elan.c
+++ b/drivers/hid/hid-elan.c
@@ -188,7 +188,6 @@ static int elan_input_configured(struct hid_device *hdev, struct hid_input *hi)
ret = input_mt_init_slots(input, ELAN_MAX_FINGERS, INPUT_MT_POINTER);
if (ret) {
hid_err(hdev, "Failed to init elan MT slots: %d\n", ret);
- input_free_device(input);
return ret;
}
@@ -200,7 +199,6 @@ static int elan_input_configured(struct hid_device *hdev, struct hid_input *hi)
hid_err(hdev, "Failed to register elan input device: %d\n",
ret);
input_mt_destroy_slots(input);
- input_free_device(input);
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 151/452] drm/bridge: Fix error handling in analogix_dp_probe
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (149 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 150/452] HID: elan: Fix potential double free in elan_input_configured Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 152/452] sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq Greg Kroah-Hartman
` (306 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Robert Foss, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 9f15930bb2ef9f031d62ffc49629cbae89137733 ]
In the error handling path, the clk_prepare_enable() function
call should be balanced by a corresponding 'clk_disable_unprepare()'
call, as already done in the remove function.
Fixes: 3424e3a4f844 ("drm: bridge: analogix/dp: split exynos dp driver to bridge directory")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Reviewed-by: Robert Foss <robert.foss@linaro.org>
Signed-off-by: Robert Foss <robert.foss@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20220420011644.25730-1-linmq006@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../gpu/drm/bridge/analogix/analogix_dp_core.c | 18 +++++++++++++-----
1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/drivers/gpu/drm/bridge/analogix/analogix_dp_core.c b/drivers/gpu/drm/bridge/analogix/analogix_dp_core.c
index aa1bb86293fd..31b4ff60a010 100644
--- a/drivers/gpu/drm/bridge/analogix/analogix_dp_core.c
+++ b/drivers/gpu/drm/bridge/analogix/analogix_dp_core.c
@@ -1705,8 +1705,10 @@ analogix_dp_probe(struct device *dev, struct analogix_dp_plat_data *plat_data)
res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
dp->reg_base = devm_ioremap_resource(&pdev->dev, res);
- if (IS_ERR(dp->reg_base))
- return ERR_CAST(dp->reg_base);
+ if (IS_ERR(dp->reg_base)) {
+ ret = PTR_ERR(dp->reg_base);
+ goto err_disable_clk;
+ }
dp->force_hpd = of_property_read_bool(dev->of_node, "force-hpd");
@@ -1718,7 +1720,8 @@ analogix_dp_probe(struct device *dev, struct analogix_dp_plat_data *plat_data)
if (IS_ERR(dp->hpd_gpiod)) {
dev_err(dev, "error getting HDP GPIO: %ld\n",
PTR_ERR(dp->hpd_gpiod));
- return ERR_CAST(dp->hpd_gpiod);
+ ret = PTR_ERR(dp->hpd_gpiod);
+ goto err_disable_clk;
}
if (dp->hpd_gpiod) {
@@ -1738,7 +1741,8 @@ analogix_dp_probe(struct device *dev, struct analogix_dp_plat_data *plat_data)
if (dp->irq == -ENXIO) {
dev_err(&pdev->dev, "failed to get irq\n");
- return ERR_PTR(-ENODEV);
+ ret = -ENODEV;
+ goto err_disable_clk;
}
ret = devm_request_threaded_irq(&pdev->dev, dp->irq,
@@ -1747,11 +1751,15 @@ analogix_dp_probe(struct device *dev, struct analogix_dp_plat_data *plat_data)
irq_flags, "analogix-dp", dp);
if (ret) {
dev_err(&pdev->dev, "failed to request irq\n");
- return ERR_PTR(ret);
+ goto err_disable_clk;
}
disable_irq(dp->irq);
return dp;
+
+err_disable_clk:
+ clk_disable_unprepare(dp->clock);
+ return ERR_PTR(ret);
}
EXPORT_SYMBOL_GPL(analogix_dp_probe);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 152/452] sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (150 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 151/452] drm/bridge: Fix error handling in analogix_dp_probe Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 153/452] spi: img-spfi: Fix pm_runtime_get_sync() error checking Greg Kroah-Hartman
` (305 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chengming Zhou,
Peter Zijlstra (Intel),
Ben Segall, Vincent Guittot, Sasha Levin
From: Chengming Zhou <zhouchengming@bytedance.com>
[ Upstream commit 64eaf50731ac0a8c76ce2fedd50ef6652aabc5ff ]
Since commit 23127296889f ("sched/fair: Update scale invariance of PELT")
change to use rq_clock_pelt() instead of rq_clock_task(), we should also
use rq_clock_pelt() for throttled_clock_task_time and throttled_clock_task
accounting to get correct cfs_rq_clock_pelt() of throttled cfs_rq. And
rename throttled_clock_task(_time) to be clock_pelt rather than clock_task.
Fixes: 23127296889f ("sched/fair: Update scale invariance of PELT")
Signed-off-by: Chengming Zhou <zhouchengming@bytedance.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Ben Segall <bsegall@google.com>
Reviewed-by: Vincent Guittot <vincent.guittot@linaro.org>
Link: https://lore.kernel.org/r/20220408115309.81603-1-zhouchengming@bytedance.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/sched/fair.c | 8 ++++----
kernel/sched/pelt.h | 4 ++--
kernel/sched/sched.h | 4 ++--
3 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
index 1a306ef51bbe..bca0efc03a51 100644
--- a/kernel/sched/fair.c
+++ b/kernel/sched/fair.c
@@ -4758,8 +4758,8 @@ static int tg_unthrottle_up(struct task_group *tg, void *data)
cfs_rq->throttle_count--;
if (!cfs_rq->throttle_count) {
- cfs_rq->throttled_clock_task_time += rq_clock_task(rq) -
- cfs_rq->throttled_clock_task;
+ cfs_rq->throttled_clock_pelt_time += rq_clock_pelt(rq) -
+ cfs_rq->throttled_clock_pelt;
/* Add cfs_rq with already running entity in the list */
if (cfs_rq->nr_running >= 1)
@@ -4776,7 +4776,7 @@ static int tg_throttle_down(struct task_group *tg, void *data)
/* group is entering throttled state, stop time */
if (!cfs_rq->throttle_count) {
- cfs_rq->throttled_clock_task = rq_clock_task(rq);
+ cfs_rq->throttled_clock_pelt = rq_clock_pelt(rq);
list_del_leaf_cfs_rq(cfs_rq);
}
cfs_rq->throttle_count++;
@@ -5194,7 +5194,7 @@ static void sync_throttle(struct task_group *tg, int cpu)
pcfs_rq = tg->parent->cfs_rq[cpu];
cfs_rq->throttle_count = pcfs_rq->throttle_count;
- cfs_rq->throttled_clock_task = rq_clock_task(cpu_rq(cpu));
+ cfs_rq->throttled_clock_pelt = rq_clock_pelt(cpu_rq(cpu));
}
/* conditionally throttle active cfs_rq's from put_prev_entity() */
diff --git a/kernel/sched/pelt.h b/kernel/sched/pelt.h
index 45bf08e22207..89150ced09cf 100644
--- a/kernel/sched/pelt.h
+++ b/kernel/sched/pelt.h
@@ -145,9 +145,9 @@ static inline u64 rq_clock_pelt(struct rq *rq)
static inline u64 cfs_rq_clock_pelt(struct cfs_rq *cfs_rq)
{
if (unlikely(cfs_rq->throttle_count))
- return cfs_rq->throttled_clock_task - cfs_rq->throttled_clock_task_time;
+ return cfs_rq->throttled_clock_pelt - cfs_rq->throttled_clock_pelt_time;
- return rq_clock_pelt(rq_of(cfs_rq)) - cfs_rq->throttled_clock_task_time;
+ return rq_clock_pelt(rq_of(cfs_rq)) - cfs_rq->throttled_clock_pelt_time;
}
#else
static inline u64 cfs_rq_clock_pelt(struct cfs_rq *cfs_rq)
diff --git a/kernel/sched/sched.h b/kernel/sched/sched.h
index 08db8e095e48..8d39f5d99172 100644
--- a/kernel/sched/sched.h
+++ b/kernel/sched/sched.h
@@ -599,8 +599,8 @@ struct cfs_rq {
s64 runtime_remaining;
u64 throttled_clock;
- u64 throttled_clock_task;
- u64 throttled_clock_task_time;
+ u64 throttled_clock_pelt;
+ u64 throttled_clock_pelt_time;
int throttled;
int throttle_count;
struct list_head throttled_list;
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 153/452] spi: img-spfi: Fix pm_runtime_get_sync() error checking
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (151 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 152/452] sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 154/452] cpufreq: Fix possible race in cpufreq online error path Greg Kroah-Hartman
` (304 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zheng Yongjun, Mark Brown, Sasha Levin
From: Zheng Yongjun <zhengyongjun3@huawei.com>
[ Upstream commit cc470d55343056d6b2a5c32e10e0aad06f324078 ]
If the device is already in a runtime PM enabled state
pm_runtime_get_sync() will return 1, so a test for negative
value should be used to check for errors.
Fixes: deba25800a12b ("spi: Add driver for IMG SPFI controller")
Signed-off-by: Zheng Yongjun <zhengyongjun3@huawei.com>
Link: https://lore.kernel.org/r/20220422062641.10486-1-zhengyongjun3@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-img-spfi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/spi/spi-img-spfi.c b/drivers/spi/spi-img-spfi.c
index 5f05d519fbbd..71376b6df89d 100644
--- a/drivers/spi/spi-img-spfi.c
+++ b/drivers/spi/spi-img-spfi.c
@@ -731,7 +731,7 @@ static int img_spfi_resume(struct device *dev)
int ret;
ret = pm_runtime_get_sync(dev);
- if (ret) {
+ if (ret < 0) {
pm_runtime_put_noidle(dev);
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 154/452] cpufreq: Fix possible race in cpufreq online error path
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (152 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 153/452] spi: img-spfi: Fix pm_runtime_get_sync() error checking Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 155/452] ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix Greg Kroah-Hartman
` (303 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Schspa Shi, Rafael J. Wysocki, Sasha Levin
From: Schspa Shi <schspa@gmail.com>
[ Upstream commit f346e96267cd76175d6c201b40f770c0116a8a04 ]
When cpufreq online fails, the policy->cpus mask is not cleared and
policy->rwsem is released too early, so the driver can be invoked
via the cpuinfo_cur_freq sysfs attribute while its ->offline() or
->exit() callbacks are being run.
Take policy->clk as an example:
static int cpufreq_online(unsigned int cpu)
{
...
// policy->cpus != 0 at this time
down_write(&policy->rwsem);
ret = cpufreq_add_dev_interface(policy);
up_write(&policy->rwsem);
return 0;
out_destroy_policy:
for_each_cpu(j, policy->real_cpus)
remove_cpu_dev_symlink(policy, get_cpu_device(j));
up_write(&policy->rwsem);
...
out_exit_policy:
if (cpufreq_driver->exit)
cpufreq_driver->exit(policy);
clk_put(policy->clk);
// policy->clk is a wild pointer
...
^
|
Another process access
__cpufreq_get
cpufreq_verify_current_freq
cpufreq_generic_get
// acces wild pointer of policy->clk;
|
|
out_offline_policy: |
cpufreq_policy_free(policy); |
// deleted here, and will wait for no body reference
cpufreq_policy_put_kobj(policy);
}
Address this by modifying cpufreq_online() to release policy->rwsem
in the error path after the driver callbacks have run and to clear
policy->cpus before releasing the semaphore.
Fixes: 7106e02baed4 ("cpufreq: release policy->rwsem on error")
Signed-off-by: Schspa Shi <schspa@gmail.com>
[ rjw: Subject and changelog edits ]
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/cpufreq/cpufreq.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c
index 30dafe8fc505..3540ea93b6f1 100644
--- a/drivers/cpufreq/cpufreq.c
+++ b/drivers/cpufreq/cpufreq.c
@@ -1515,8 +1515,6 @@ static int cpufreq_online(unsigned int cpu)
for_each_cpu(j, policy->real_cpus)
remove_cpu_dev_symlink(policy, get_cpu_device(j));
- up_write(&policy->rwsem);
-
out_offline_policy:
if (cpufreq_driver->offline)
cpufreq_driver->offline(policy);
@@ -1525,6 +1523,9 @@ static int cpufreq_online(unsigned int cpu)
if (cpufreq_driver->exit)
cpufreq_driver->exit(policy);
+ cpumask_clear(policy->cpus);
+ up_write(&policy->rwsem);
+
out_free_policy:
cpufreq_policy_free(policy);
return ret;
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 155/452] ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (153 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 154/452] cpufreq: Fix possible race in cpufreq online error path Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 156/452] media: hantro: Empty encoder capture buffers by default Greg Kroah-Hartman
` (302 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter,
Toke Høiland-Jørgensen, Kalle Valo, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit 2dc509305cf956381532792cb8dceef2b1504765 ]
The "rxstatus->rs_keyix" eventually gets passed to test_bit() so we need to
ensure that it is within the bitmap.
drivers/net/wireless/ath/ath9k/common.c:46 ath9k_cmn_rx_accept()
error: passing untrusted data 'rx_stats->rs_keyix' to 'test_bit()'
Fixes: 4ed1a8d4a257 ("ath9k_htc: use ath9k_cmn_rx_accept")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20220409061225.GA5447@kili
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath9k/htc_drv_txrx.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/drivers/net/wireless/ath/ath9k/htc_drv_txrx.c b/drivers/net/wireless/ath/ath9k/htc_drv_txrx.c
index 0bdc4dcb7b8f..30ddf333e04d 100644
--- a/drivers/net/wireless/ath/ath9k/htc_drv_txrx.c
+++ b/drivers/net/wireless/ath/ath9k/htc_drv_txrx.c
@@ -1006,6 +1006,14 @@ static bool ath9k_rx_prepare(struct ath9k_htc_priv *priv,
goto rx_next;
}
+ if (rxstatus->rs_keyix >= ATH_KEYMAX &&
+ rxstatus->rs_keyix != ATH9K_RXKEYIX_INVALID) {
+ ath_dbg(common, ANY,
+ "Invalid keyix, dropping (keyix: %d)\n",
+ rxstatus->rs_keyix);
+ goto rx_next;
+ }
+
/* Get the RX status information */
memset(rx_status, 0, sizeof(struct ieee80211_rx_status));
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 156/452] media: hantro: Empty encoder capture buffers by default
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (154 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 155/452] ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 157/452] drm/panel: simple: Add missing bus flags for Innolux G070Y2-L01 Greg Kroah-Hartman
` (301 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chen-Yu Tsai, Ezequiel Garcia,
Hans Verkuil, Mauro Carvalho Chehab, Sasha Levin
From: Chen-Yu Tsai <wenst@chromium.org>
[ Upstream commit 309373a3571ef7175bd9da0c9b13476a718e8478 ]
The payload size for encoder capture buffers is set by the driver upon
finishing encoding each frame, based on the encoded length returned from
hardware, and whatever header and padding length used. Setting a
non-zero default serves no real purpose, and also causes issues if the
capture buffer is returned to userspace unused, confusing the
application.
Instead, always set the payload size to 0 for encoder capture buffers
when preparing them.
Fixes: 775fec69008d ("media: add Rockchip VPU JPEG encoder driver")
Fixes: 082aaecff35f ("media: hantro: Fix .buf_prepare")
Signed-off-by: Chen-Yu Tsai <wenst@chromium.org>
Reviewed-by: Ezequiel Garcia <ezequiel@vanguardiasur.com.ar>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/media/hantro/hantro_v4l2.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/staging/media/hantro/hantro_v4l2.c b/drivers/staging/media/hantro/hantro_v4l2.c
index 5c2ca61add8e..b65f2f3ef357 100644
--- a/drivers/staging/media/hantro/hantro_v4l2.c
+++ b/drivers/staging/media/hantro/hantro_v4l2.c
@@ -644,8 +644,12 @@ static int hantro_buf_prepare(struct vb2_buffer *vb)
* (for OUTPUT buffers, if userspace passes 0 bytesused, v4l2-core sets
* it to buffer length).
*/
- if (V4L2_TYPE_IS_CAPTURE(vq->type))
- vb2_set_plane_payload(vb, 0, pix_fmt->plane_fmt[0].sizeimage);
+ if (V4L2_TYPE_IS_CAPTURE(vq->type)) {
+ if (ctx->is_encoder)
+ vb2_set_plane_payload(vb, 0, 0);
+ else
+ vb2_set_plane_payload(vb, 0, pix_fmt->plane_fmt[0].sizeimage);
+ }
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 157/452] drm/panel: simple: Add missing bus flags for Innolux G070Y2-L01
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (155 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 156/452] media: hantro: Empty encoder capture buffers by default Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 158/452] ALSA: pcm: Check for null pointer of pointer substream before dereferencing it Greg Kroah-Hartman
` (300 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Marek Vasut, Christoph Fritz,
Laurent Pinchart, Maxime Ripard, Sam Ravnborg, Thomas Zimmermann,
Sasha Levin
From: Marek Vasut <marex@denx.de>
[ Upstream commit 0f73a559f916b618c0c05186bd644c90cc9e9695 ]
The DE signal is active high on this display, fill in the missing bus_flags.
This aligns panel_desc with its display_timing .
Fixes: a5d2ade627dca ("drm/panel: simple: Add support for Innolux G070Y2-L01")
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Christoph Fritz <chf.fritz@googlemail.com>
Cc: Laurent Pinchart <Laurent.pinchart@ideasonboard.com>
Cc: Maxime Ripard <maxime@cerno.tech>
Cc: Sam Ravnborg <sam@ravnborg.org>
Cc: Thomas Zimmermann <tzimmermann@suse.de>
Acked-by: Sam Ravnborg <sam@ravnborg.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20220406093627.18011-1-marex@denx.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/panel/panel-simple.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/drm/panel/panel-simple.c b/drivers/gpu/drm/panel/panel-simple.c
index 959dcbd8a29c..18850439a2ab 100644
--- a/drivers/gpu/drm/panel/panel-simple.c
+++ b/drivers/gpu/drm/panel/panel-simple.c
@@ -2144,6 +2144,7 @@ static const struct panel_desc innolux_g070y2_l01 = {
.unprepare = 800,
},
.bus_format = MEDIA_BUS_FMT_RGB888_1X7X4_SPWG,
+ .bus_flags = DRM_BUS_FLAG_DE_HIGH,
.connector_type = DRM_MODE_CONNECTOR_LVDS,
};
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 158/452] ALSA: pcm: Check for null pointer of pointer substream before dereferencing it
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (156 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 157/452] drm/panel: simple: Add missing bus flags for Innolux G070Y2-L01 Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 159/452] inotify: show inotify mask flags in proc fdinfo Greg Kroah-Hartman
` (299 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Colin Ian King, Takashi Iwai, Sasha Levin
From: Colin Ian King <colin.i.king@gmail.com>
[ Upstream commit 011b559be832194f992f73d6c0d5485f5925a10b ]
Pointer substream is being dereferenced on the assignment of pointer card
before substream is being null checked with the macro PCM_RUNTIME_CHECK.
Although PCM_RUNTIME_CHECK calls BUG_ON, it still is useful to perform the
the pointer check before card is assigned.
Fixes: d4cfb30fce03 ("ALSA: pcm: Set per-card upper limit of PCM buffer allocations")
Signed-off-by: Colin Ian King <colin.i.king@gmail.com>
Link: https://lore.kernel.org/r/20220424205945.1372247-1-colin.i.king@gmail.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/core/pcm_memory.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/sound/core/pcm_memory.c b/sound/core/pcm_memory.c
index a9a0d74f3165..191883842a35 100644
--- a/sound/core/pcm_memory.c
+++ b/sound/core/pcm_memory.c
@@ -434,7 +434,6 @@ EXPORT_SYMBOL(snd_pcm_lib_malloc_pages);
*/
int snd_pcm_lib_free_pages(struct snd_pcm_substream *substream)
{
- struct snd_card *card = substream->pcm->card;
struct snd_pcm_runtime *runtime;
if (PCM_RUNTIME_CHECK(substream))
@@ -443,6 +442,8 @@ int snd_pcm_lib_free_pages(struct snd_pcm_substream *substream)
if (runtime->dma_area == NULL)
return 0;
if (runtime->dma_buffer_p != &substream->dma_buffer) {
+ struct snd_card *card = substream->pcm->card;
+
/* it's a newly allocated buffer. release it now. */
do_free_pages(card, runtime->dma_buffer_p);
kfree(runtime->dma_buffer_p);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 159/452] inotify: show inotify mask flags in proc fdinfo
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (157 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 158/452] ALSA: pcm: Check for null pointer of pointer substream before dereferencing it Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 160/452] fsnotify: fix wrong lockdep annotations Greg Kroah-Hartman
` (298 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Amir Goldstein, Jan Kara, Sasha Levin
From: Amir Goldstein <amir73il@gmail.com>
[ Upstream commit a32e697cda27679a0327ae2cafdad8c7170f548f ]
The inotify mask flags IN_ONESHOT and IN_EXCL_UNLINK are not "internal
to kernel" and should be exposed in procfs fdinfo so CRIU can restore
them.
Fixes: 6933599697c9 ("inotify: hide internal kernel bits from fdinfo")
Link: https://lore.kernel.org/r/20220422120327.3459282-2-amir73il@gmail.com
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/notify/fdinfo.c | 11 ++---------
fs/notify/inotify/inotify.h | 12 ++++++++++++
fs/notify/inotify/inotify_user.c | 2 +-
3 files changed, 15 insertions(+), 10 deletions(-)
diff --git a/fs/notify/fdinfo.c b/fs/notify/fdinfo.c
index f0d6b54be412..765b50aeadd2 100644
--- a/fs/notify/fdinfo.c
+++ b/fs/notify/fdinfo.c
@@ -83,16 +83,9 @@ static void inotify_fdinfo(struct seq_file *m, struct fsnotify_mark *mark)
inode_mark = container_of(mark, struct inotify_inode_mark, fsn_mark);
inode = igrab(fsnotify_conn_inode(mark->connector));
if (inode) {
- /*
- * IN_ALL_EVENTS represents all of the mask bits
- * that we expose to userspace. There is at
- * least one bit (FS_EVENT_ON_CHILD) which is
- * used only internally to the kernel.
- */
- u32 mask = mark->mask & IN_ALL_EVENTS;
- seq_printf(m, "inotify wd:%x ino:%lx sdev:%x mask:%x ignored_mask:%x ",
+ seq_printf(m, "inotify wd:%x ino:%lx sdev:%x mask:%x ignored_mask:0 ",
inode_mark->wd, inode->i_ino, inode->i_sb->s_dev,
- mask, mark->ignored_mask);
+ inotify_mark_user_mask(mark));
show_mark_fhandle(m, inode);
seq_putc(m, '\n');
iput(inode);
diff --git a/fs/notify/inotify/inotify.h b/fs/notify/inotify/inotify.h
index 2007e3711916..8f00151eb731 100644
--- a/fs/notify/inotify/inotify.h
+++ b/fs/notify/inotify/inotify.h
@@ -22,6 +22,18 @@ static inline struct inotify_event_info *INOTIFY_E(struct fsnotify_event *fse)
return container_of(fse, struct inotify_event_info, fse);
}
+/*
+ * INOTIFY_USER_FLAGS represents all of the mask bits that we expose to
+ * userspace. There is at least one bit (FS_EVENT_ON_CHILD) which is
+ * used only internally to the kernel.
+ */
+#define INOTIFY_USER_MASK (IN_ALL_EVENTS | IN_ONESHOT | IN_EXCL_UNLINK)
+
+static inline __u32 inotify_mark_user_mask(struct fsnotify_mark *fsn_mark)
+{
+ return fsn_mark->mask & INOTIFY_USER_MASK;
+}
+
extern void inotify_ignored_and_remove_idr(struct fsnotify_mark *fsn_mark,
struct fsnotify_group *group);
extern int inotify_handle_inode_event(struct fsnotify_mark *inode_mark,
diff --git a/fs/notify/inotify/inotify_user.c b/fs/notify/inotify/inotify_user.c
index 5f6c6bf65909..32b6b97021be 100644
--- a/fs/notify/inotify/inotify_user.c
+++ b/fs/notify/inotify/inotify_user.c
@@ -88,7 +88,7 @@ static inline __u32 inotify_arg_to_mask(struct inode *inode, u32 arg)
mask |= FS_EVENT_ON_CHILD;
/* mask off the flags used to open the fd */
- mask |= (arg & (IN_ALL_EVENTS | IN_ONESHOT | IN_EXCL_UNLINK));
+ mask |= (arg & INOTIFY_USER_MASK);
return mask;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 160/452] fsnotify: fix wrong lockdep annotations
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (158 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 159/452] inotify: show inotify mask flags in proc fdinfo Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 161/452] of: overlay: do not break notify on NOTIFY_{OK|STOP} Greg Kroah-Hartman
` (297 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Khazhismel Kumykov, Amir Goldstein,
Jan Kara, Sasha Levin
From: Amir Goldstein <amir73il@gmail.com>
[ Upstream commit 623af4f538b5df9b416e1b82f720af7371b4c771 ]
Commit 6960b0d909cd ("fsnotify: change locking order") changed some
of the mark_mutex locks in direct reclaim path to use:
mutex_lock_nested(&group->mark_mutex, SINGLE_DEPTH_NESTING);
This change is explained:
"...It uses nested locking to avoid deadlock in case we do the final
iput() on an inode which still holds marks and thus would take the
mutex again when calling fsnotify_inode_delete() in destroy_inode()."
The problem is that the mutex_lock_nested() is not a nested lock at
all. In fact, it has the opposite effect of preventing lockdep from
warning about a very possible deadlock.
Due to these wrong annotations, a deadlock that was introduced with
nfsd filecache in kernel v5.4 went unnoticed in v5.4.y for over two
years until it was reported recently by Khazhismel Kumykov, only to
find out that the deadlock was already fixed in kernel v5.5.
Fix the wrong lockdep annotations.
Cc: Khazhismel Kumykov <khazhy@google.com>
Fixes: 6960b0d909cd ("fsnotify: change locking order")
Link: https://lore.kernel.org/r/20220321112310.vpr7oxro2xkz5llh@quack3.lan/
Link: https://lore.kernel.org/r/20220422120327.3459282-4-amir73il@gmail.com
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/notify/mark.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/fs/notify/mark.c b/fs/notify/mark.c
index 8387937b9d01..5b44be5f93dd 100644
--- a/fs/notify/mark.c
+++ b/fs/notify/mark.c
@@ -430,7 +430,7 @@ void fsnotify_free_mark(struct fsnotify_mark *mark)
void fsnotify_destroy_mark(struct fsnotify_mark *mark,
struct fsnotify_group *group)
{
- mutex_lock_nested(&group->mark_mutex, SINGLE_DEPTH_NESTING);
+ mutex_lock(&group->mark_mutex);
fsnotify_detach_mark(mark);
mutex_unlock(&group->mark_mutex);
fsnotify_free_mark(mark);
@@ -742,7 +742,7 @@ void fsnotify_clear_marks_by_group(struct fsnotify_group *group,
* move marks to free to to_free list in one go and then free marks in
* to_free list one by one.
*/
- mutex_lock_nested(&group->mark_mutex, SINGLE_DEPTH_NESTING);
+ mutex_lock(&group->mark_mutex);
list_for_each_entry_safe(mark, lmark, &group->marks_list, g_list) {
if ((1U << mark->connector->type) & type_mask)
list_move(&mark->g_list, &to_free);
@@ -751,7 +751,7 @@ void fsnotify_clear_marks_by_group(struct fsnotify_group *group,
clear:
while (1) {
- mutex_lock_nested(&group->mark_mutex, SINGLE_DEPTH_NESTING);
+ mutex_lock(&group->mark_mutex);
if (list_empty(head)) {
mutex_unlock(&group->mark_mutex);
break;
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 161/452] of: overlay: do not break notify on NOTIFY_{OK|STOP}
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (159 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 160/452] fsnotify: fix wrong lockdep annotations Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 162/452] drm/msm/dpu: adjust display_v_end for eDP and DP Greg Kroah-Hartman
` (296 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nuno Sá, Rob Herring, Sasha Levin
From: Nuno Sá <nuno.sa@analog.com>
[ Upstream commit 5f756a2eaa4436d7d3dc1e040147f5e992ae34b5 ]
We should not break overlay notifications on NOTIFY_{OK|STOP}
otherwise we might break on the first fragment. We should only stop
notifications if a *real* errno is returned by one of the listeners.
Fixes: a1d19bd4cf1fe ("of: overlay: pr_err from return NOTIFY_OK to overlay apply/remove")
Signed-off-by: Nuno Sá <nuno.sa@analog.com>
Signed-off-by: Rob Herring <robh@kernel.org>
Link: https://lore.kernel.org/r/20220420130205.89435-1-nuno.sa@analog.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/of/overlay.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/of/overlay.c b/drivers/of/overlay.c
index 43a77d720008..c8a0c0e9dec1 100644
--- a/drivers/of/overlay.c
+++ b/drivers/of/overlay.c
@@ -170,9 +170,7 @@ static int overlay_notify(struct overlay_changeset *ovcs,
ret = blocking_notifier_call_chain(&overlay_notify_chain,
action, &nd);
- if (ret == NOTIFY_OK || ret == NOTIFY_STOP)
- return 0;
- if (ret) {
+ if (notifier_to_errno(ret)) {
ret = notifier_to_errno(ret);
pr_err("overlay changeset %s notifier error %d, target: %pOF\n",
of_overlay_action_name[action], ret, nd.target);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 162/452] drm/msm/dpu: adjust display_v_end for eDP and DP
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (160 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 161/452] of: overlay: do not break notify on NOTIFY_{OK|STOP} Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 163/452] scsi: ufs: qcom: Fix ufs_qcom_resume() Greg Kroah-Hartman
` (295 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kuogee Hsieh, Dmitry Baryshkov,
Stephen Boyd, Sasha Levin
From: Kuogee Hsieh <quic_khsieh@quicinc.com>
[ Upstream commit e18aeea7f5efb9508722c8c7fd4d32e6f8cdfe50 ]
The “DP timing” requires the active region to be defined in the
bottom-right corner of the frame dimensions which is different
with DSI. Therefore both display_h_end and display_v_end need
to be adjusted accordingly. However current implementation has
only display_h_end adjusted.
Signed-off-by: Kuogee Hsieh <quic_khsieh@quicinc.com>
Fixes: fc3a69ec68d3 ("drm/msm/dpu: intf timing path for displayport")
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Reviewed-by: Stephen Boyd <swboyd@chromium.org>
Patchwork: https://patchwork.freedesktop.org/patch/476277/
Link: https://lore.kernel.org/r/1645824192-29670-2-git-send-email-quic_khsieh@quicinc.com
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/msm/disp/dpu1/dpu_hw_intf.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_intf.c b/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_intf.c
index 6f0f54588124..108882bbd2b8 100644
--- a/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_intf.c
+++ b/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_intf.c
@@ -146,6 +146,7 @@ static void dpu_hw_intf_setup_timing_engine(struct dpu_hw_intf *ctx,
active_v_end = active_v_start + (p->yres * hsync_period) - 1;
display_v_start += p->hsync_pulse_width + p->h_back_porch;
+ display_v_end -= p->h_front_porch;
active_hctl = (active_h_end << 16) | active_h_start;
display_hctl = active_hctl;
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 163/452] scsi: ufs: qcom: Fix ufs_qcom_resume()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (161 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 162/452] drm/msm/dpu: adjust display_v_end for eDP and DP Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 164/452] scsi: ufs: core: Exclude UECxx from SFR dump list Greg Kroah-Hartman
` (294 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bean Huo, Bjorn Andersson,
Bart Van Assche, Martin K. Petersen, Sasha Levin
From: Bart Van Assche <bvanassche@acm.org>
[ Upstream commit bee40dc167da159ea5b939c074e1da258610a3d6 ]
Clearing hba->is_sys_suspended if ufs_qcom_resume() succeeds is wrong. That
variable must only be cleared if all actions involved in a resume succeed.
Hence remove the statement that clears hba->is_sys_suspended from
ufs_qcom_resume().
Link: https://lore.kernel.org/r/20220419225811.4127248-23-bvanassche@acm.org
Fixes: 81c0fc51b7a7 ("ufs-qcom: add support for Qualcomm Technologies Inc platforms")
Tested-by: Bean Huo <beanhuo@micron.com>
Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Reviewed-by: Bean Huo <beanhuo@micron.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/ufs/ufs-qcom.c | 7 +------
1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/drivers/scsi/ufs/ufs-qcom.c b/drivers/scsi/ufs/ufs-qcom.c
index 20182e39cb28..117740b302fa 100644
--- a/drivers/scsi/ufs/ufs-qcom.c
+++ b/drivers/scsi/ufs/ufs-qcom.c
@@ -623,12 +623,7 @@ static int ufs_qcom_resume(struct ufs_hba *hba, enum ufs_pm_op pm_op)
return err;
}
- err = ufs_qcom_ice_resume(host);
- if (err)
- return err;
-
- hba->is_sys_suspended = false;
- return 0;
+ return ufs_qcom_ice_resume(host);
}
static void ufs_qcom_dev_ref_clk_ctrl(struct ufs_qcom_host *host, bool enable)
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 164/452] scsi: ufs: core: Exclude UECxx from SFR dump list
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (162 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 163/452] scsi: ufs: qcom: Fix ufs_qcom_resume() Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 165/452] selftests/resctrl: Fix null pointer dereference on open failed Greg Kroah-Hartman
` (293 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kiwoong Kim, Martin K. Petersen, Sasha Levin
From: Kiwoong Kim <kwmad.kim@samsung.com>
[ Upstream commit ef60031022eb6d972aac86ca26c98c33e1289436 ]
Some devices may return invalid or zeroed data during an UIC error
condition. In addition, reading these SFRs will clear them. This means the
subsequent error handling will not be able to see them and therefore no
error handling will be scheduled.
Skip reading these SFRs in ufshcd_dump_regs().
Link: https://lore.kernel.org/r/1648689845-33521-1-git-send-email-kwmad.kim@samsung.com
Fixes: d67247566450 ("scsi: ufs: Use explicit access size in ufshcd_dump_regs")
Signed-off-by: Kiwoong Kim <kwmad.kim@samsung.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/ufs/ufshcd.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c
index bf302776340c..ea6ceab1a1b2 100644
--- a/drivers/scsi/ufs/ufshcd.c
+++ b/drivers/scsi/ufs/ufshcd.c
@@ -107,8 +107,13 @@ int ufshcd_dump_regs(struct ufs_hba *hba, size_t offset, size_t len,
if (!regs)
return -ENOMEM;
- for (pos = 0; pos < len; pos += 4)
+ for (pos = 0; pos < len; pos += 4) {
+ if (offset == 0 &&
+ pos >= REG_UIC_ERROR_CODE_PHY_ADAPTER_LAYER &&
+ pos <= REG_UIC_ERROR_CODE_DME)
+ continue;
regs[pos / 4] = ufshcd_readl(hba, offset + pos);
+ }
ufshcd_hex_dump(prefix, regs, len);
kfree(regs);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 165/452] selftests/resctrl: Fix null pointer dereference on open failed
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (163 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 164/452] scsi: ufs: core: Exclude UECxx from SFR dump list Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 166/452] libbpf: Fix logic for finding matching program for CO-RE relocation Greg Kroah-Hartman
` (292 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Colin Ian King, Shuah Khan, Sasha Levin
From: Colin Ian King <colin.i.king@gmail.com>
[ Upstream commit c7b607fa9325ccc94982774c505176677117689c ]
Currently if opening /dev/null fails to open then file pointer fp
is null and further access to fp via fprintf will cause a null
pointer dereference. Fix this by returning a negative error value
when a null fp is detected.
Detected using cppcheck static analysis:
tools/testing/selftests/resctrl/fill_buf.c:124:6: note: Assuming
that condition '!fp' is not redundant
if (!fp)
^
tools/testing/selftests/resctrl/fill_buf.c:126:10: note: Null
pointer dereference
fprintf(fp, "Sum: %d ", ret);
Fixes: a2561b12fe39 ("selftests/resctrl: Add built in benchmark")
Signed-off-by: Colin Ian King <colin.i.king@gmail.com>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/resctrl/fill_buf.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/tools/testing/selftests/resctrl/fill_buf.c b/tools/testing/selftests/resctrl/fill_buf.c
index 51e5cf22632f..56ccbeae0638 100644
--- a/tools/testing/selftests/resctrl/fill_buf.c
+++ b/tools/testing/selftests/resctrl/fill_buf.c
@@ -121,8 +121,10 @@ static int fill_cache_read(unsigned char *start_ptr, unsigned char *end_ptr,
/* Consume read result so that reading memory is not optimized out. */
fp = fopen("/dev/null", "w");
- if (!fp)
+ if (!fp) {
perror("Unable to write to /dev/null");
+ return -1;
+ }
fprintf(fp, "Sum: %d ", ret);
fclose(fp);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 166/452] libbpf: Fix logic for finding matching program for CO-RE relocation
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (164 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 165/452] selftests/resctrl: Fix null pointer dereference on open failed Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 167/452] mtd: spi-nor: core: Check written SR value in spi_nor_write_16bit_sr_and_check() Greg Kroah-Hartman
` (291 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andrii Nakryiko, Alexei Starovoitov,
Sasha Levin
From: Andrii Nakryiko <andrii@kernel.org>
[ Upstream commit 966a7509325395c51c5f6d89e7352b0585e4804b ]
Fix the bug in bpf_object__relocate_core() which can lead to finding
invalid matching BPF program when processing CO-RE relocation. IF
matching program is not found, last encountered program will be assumed
to be correct program and thus error detection won't detect the problem.
Fixes: 9c82a63cf370 ("libbpf: Fix CO-RE relocs against .text section")
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20220426004511.2691730-4-andrii@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/lib/bpf/libbpf.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
index dda8f9cdc652..8fada26529b7 100644
--- a/tools/lib/bpf/libbpf.c
+++ b/tools/lib/bpf/libbpf.c
@@ -5928,9 +5928,10 @@ bpf_object__relocate_core(struct bpf_object *obj, const char *targ_btf_path)
*/
prog = NULL;
for (i = 0; i < obj->nr_programs; i++) {
- prog = &obj->programs[i];
- if (strcmp(prog->sec_name, sec_name) == 0)
+ if (strcmp(obj->programs[i].sec_name, sec_name) == 0) {
+ prog = &obj->programs[i];
break;
+ }
}
if (!prog) {
pr_warn("sec '%s': failed to find a BPF program\n", sec_name);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 167/452] mtd: spi-nor: core: Check written SR value in spi_nor_write_16bit_sr_and_check()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (165 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 166/452] libbpf: Fix logic for finding matching program for CO-RE relocation Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 168/452] x86/pm: Fix false positive kmemleak report in msr_build_context() Greg Kroah-Hartman
` (290 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chen-Tsung Hsieh, Pratyush Yadav,
Michael Walle, Tudor Ambarus, Sasha Levin
From: Chen-Tsung Hsieh <chentsung@chromium.org>
[ Upstream commit 70dd83d737d8900b2d98db6dc6b928c596334d37 ]
Read back Status Register 1 to ensure that the written byte match the
received value and return -EIO if read back test failed.
Without this patch, spi_nor_write_16bit_sr_and_check() only check the
second half of the 16bit. It causes errors like spi_nor_sr_unlock()
return success incorrectly when spi_nor_write_16bit_sr_and_check()
doesn't write SR successfully.
Fixes: 39d1e3340c73 ("mtd: spi-nor: Fix clearing of QE bit on lock()/unlock()")
Signed-off-by: Chen-Tsung Hsieh <chentsung@chromium.org>
Signed-off-by: Pratyush Yadav <p.yadav@ti.com>
Reviewed-by: Michael Walle <michael@walle.cc>
Reviewed-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Acked-by: Pratyush Yadav <p.yadav@ti.com>
Link: https://lore.kernel.org/r/20220126073227.3401275-1-chentsung@chromium.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mtd/spi-nor/core.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/drivers/mtd/spi-nor/core.c b/drivers/mtd/spi-nor/core.c
index 2b26a875a855..e8146a47da12 100644
--- a/drivers/mtd/spi-nor/core.c
+++ b/drivers/mtd/spi-nor/core.c
@@ -827,6 +827,15 @@ static int spi_nor_write_16bit_sr_and_check(struct spi_nor *nor, u8 sr1)
if (ret)
return ret;
+ ret = spi_nor_read_sr(nor, sr_cr);
+ if (ret)
+ return ret;
+
+ if (sr1 != sr_cr[0]) {
+ dev_dbg(nor->dev, "SR: Read back test failed\n");
+ return -EIO;
+ }
+
if (nor->flags & SNOR_F_NO_READ_CR)
return 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 168/452] x86/pm: Fix false positive kmemleak report in msr_build_context()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (166 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 167/452] mtd: spi-nor: core: Check written SR value in spi_nor_write_16bit_sr_and_check() Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 169/452] mtd: rawnand: cadence: fix possible null-ptr-deref in cadence_nand_dt_probe() Greg Kroah-Hartman
` (289 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mat Martineau, Matthieu Baerts,
Borislav Petkov, Rafael J. Wysocki, Sasha Levin
From: Matthieu Baerts <matthieu.baerts@tessares.net>
[ Upstream commit b0b592cf08367719e1d1ef07c9f136e8c17f7ec3 ]
Since
e2a1256b17b1 ("x86/speculation: Restore speculation related MSRs during S3 resume")
kmemleak reports this issue:
unreferenced object 0xffff888009cedc00 (size 256):
comm "swapper/0", pid 1, jiffies 4294693823 (age 73.764s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 48 00 00 00 00 00 00 00 ........H.......
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
msr_build_context (include/linux/slab.h:621)
pm_check_save_msr (arch/x86/power/cpu.c:520)
do_one_initcall (init/main.c:1298)
kernel_init_freeable (init/main.c:1370)
kernel_init (init/main.c:1504)
ret_from_fork (arch/x86/entry/entry_64.S:304)
Reproducer:
- boot the VM with a debug kernel config (see
https://github.com/multipath-tcp/mptcp_net-next/issues/268)
- wait ~1 minute
- start a kmemleak scan
The root cause here is alignment within the packed struct saved_context
(from suspend_64.h). Kmemleak only searches for pointers that are
aligned (see how pointers are scanned in kmemleak.c), but pahole shows
that the saved_msrs struct member and all members after it in the
structure are unaligned:
struct saved_context {
struct pt_regs regs; /* 0 168 */
/* --- cacheline 2 boundary (128 bytes) was 40 bytes ago --- */
u16 ds; /* 168 2 */
...
u64 misc_enable; /* 232 8 */
bool misc_enable_saved; /* 240 1 */
/* Note below odd offset values for the remainder of this struct */
struct saved_msrs saved_msrs; /* 241 16 */
/* --- cacheline 4 boundary (256 bytes) was 1 bytes ago --- */
long unsigned int efer; /* 257 8 */
u16 gdt_pad; /* 265 2 */
struct desc_ptr gdt_desc; /* 267 10 */
u16 idt_pad; /* 277 2 */
struct desc_ptr idt; /* 279 10 */
u16 ldt; /* 289 2 */
u16 tss; /* 291 2 */
long unsigned int tr; /* 293 8 */
long unsigned int safety; /* 301 8 */
long unsigned int return_address; /* 309 8 */
/* size: 317, cachelines: 5, members: 25 */
/* last cacheline: 61 bytes */
} __attribute__((__packed__));
Move misc_enable_saved to the end of the struct declaration so that
saved_msrs fits in before the cacheline 4 boundary.
The comment above the saved_context declaration says to fix wakeup_64.S
file and __save/__restore_processor_state() if the struct is modified:
it looks like all the accesses in wakeup_64.S are done through offsets
which are computed at build-time. Update that comment accordingly.
At the end, the false positive kmemleak report is due to a limitation
from kmemleak but it is always good to avoid unaligned members for
optimisation purposes.
Please note that it looks like this issue is not new, e.g.
https://lore.kernel.org/all/9f1bb619-c4ee-21c4-a251-870bd4db04fa@lwfinger.net/
https://lore.kernel.org/all/94e48fcd-1dbd-ebd2-4c91-f39941735909@molgen.mpg.de/
[ bp: Massage + cleanup commit message. ]
Fixes: 7a9c2dd08ead ("x86/pm: Introduce quirk framework to save/restore extra MSR registers around suspend/resume")
Suggested-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: Matthieu Baerts <matthieu.baerts@tessares.net>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Link: https://lore.kernel.org/r/20220426202138.498310-1-matthieu.baerts@tessares.net
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/include/asm/suspend_32.h | 2 +-
arch/x86/include/asm/suspend_64.h | 12 ++++++++----
2 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/arch/x86/include/asm/suspend_32.h b/arch/x86/include/asm/suspend_32.h
index fdbd9d7b7bca..3b97aa921543 100644
--- a/arch/x86/include/asm/suspend_32.h
+++ b/arch/x86/include/asm/suspend_32.h
@@ -21,7 +21,6 @@ struct saved_context {
#endif
unsigned long cr0, cr2, cr3, cr4;
u64 misc_enable;
- bool misc_enable_saved;
struct saved_msrs saved_msrs;
struct desc_ptr gdt_desc;
struct desc_ptr idt;
@@ -30,6 +29,7 @@ struct saved_context {
unsigned long tr;
unsigned long safety;
unsigned long return_address;
+ bool misc_enable_saved;
} __attribute__((packed));
/* routines for saving/restoring kernel state */
diff --git a/arch/x86/include/asm/suspend_64.h b/arch/x86/include/asm/suspend_64.h
index 35bb35d28733..54df06687d83 100644
--- a/arch/x86/include/asm/suspend_64.h
+++ b/arch/x86/include/asm/suspend_64.h
@@ -14,9 +14,13 @@
* Image of the saved processor state, used by the low level ACPI suspend to
* RAM code and by the low level hibernation code.
*
- * If you modify it, fix arch/x86/kernel/acpi/wakeup_64.S and make sure that
- * __save/__restore_processor_state(), defined in arch/x86/kernel/suspend_64.c,
- * still work as required.
+ * If you modify it, check how it is used in arch/x86/kernel/acpi/wakeup_64.S
+ * and make sure that __save/__restore_processor_state(), defined in
+ * arch/x86/power/cpu.c, still work as required.
+ *
+ * Because the structure is packed, make sure to avoid unaligned members. For
+ * optimisation purposes but also because tools like kmemleak only search for
+ * pointers that are aligned.
*/
struct saved_context {
struct pt_regs regs;
@@ -36,7 +40,6 @@ struct saved_context {
unsigned long cr0, cr2, cr3, cr4;
u64 misc_enable;
- bool misc_enable_saved;
struct saved_msrs saved_msrs;
unsigned long efer;
u16 gdt_pad; /* Unused */
@@ -48,6 +51,7 @@ struct saved_context {
unsigned long tr;
unsigned long safety;
unsigned long return_address;
+ bool misc_enable_saved;
} __attribute__((packed));
#define loaddebug(thread,register) \
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 169/452] mtd: rawnand: cadence: fix possible null-ptr-deref in cadence_nand_dt_probe()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (167 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 168/452] x86/pm: Fix false positive kmemleak report in msr_build_context() Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 170/452] x86/speculation: Add missing prototype for unpriv_ebpf_notify() Greg Kroah-Hartman
` (288 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yang Yingliang, Miquel Raynal, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit a28ed09dafee20da51eb26452950839633afd824 ]
It will cause null-ptr-deref when using 'res', if platform_get_resource()
returns NULL, so move using 'res' after devm_ioremap_resource() that
will check it to avoid null-ptr-deref.
And use devm_platform_get_and_ioremap_resource() to simplify code.
Fixes: ec4ba01e894d ("mtd: rawnand: Add new Cadence NAND driver to MTD subsystem")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20220426084913.4021868-1-yangyingliang@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mtd/nand/raw/cadence-nand-controller.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/drivers/mtd/nand/raw/cadence-nand-controller.c b/drivers/mtd/nand/raw/cadence-nand-controller.c
index b46786cd53e0..4fdb39214a12 100644
--- a/drivers/mtd/nand/raw/cadence-nand-controller.c
+++ b/drivers/mtd/nand/raw/cadence-nand-controller.c
@@ -2983,11 +2983,10 @@ static int cadence_nand_dt_probe(struct platform_device *ofdev)
if (IS_ERR(cdns_ctrl->reg))
return PTR_ERR(cdns_ctrl->reg);
- res = platform_get_resource(ofdev, IORESOURCE_MEM, 1);
- cdns_ctrl->io.dma = res->start;
- cdns_ctrl->io.virt = devm_ioremap_resource(&ofdev->dev, res);
+ cdns_ctrl->io.virt = devm_platform_get_and_ioremap_resource(ofdev, 1, &res);
if (IS_ERR(cdns_ctrl->io.virt))
return PTR_ERR(cdns_ctrl->io.virt);
+ cdns_ctrl->io.dma = res->start;
dt->clk = devm_clk_get(cdns_ctrl->dev, "nf_clk");
if (IS_ERR(dt->clk))
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 170/452] x86/speculation: Add missing prototype for unpriv_ebpf_notify()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (168 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 169/452] mtd: rawnand: cadence: fix possible null-ptr-deref in cadence_nand_dt_probe() Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 171/452] ASoC: rk3328: fix disabling mclk on pclk probe failure Greg Kroah-Hartman
` (287 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Josh Poimboeuf,
Borislav Petkov, Sasha Levin
From: Josh Poimboeuf <jpoimboe@redhat.com>
[ Upstream commit 2147c438fde135d6c145a96e373d9348e7076f7f ]
Fix the following warnings seen with "make W=1":
kernel/sysctl.c:183:13: warning: no previous prototype for ‘unpriv_ebpf_notify’ [-Wmissing-prototypes]
183 | void __weak unpriv_ebpf_notify(int new_state)
| ^~~~~~~~~~~~~~~~~~
arch/x86/kernel/cpu/bugs.c:659:6: warning: no previous prototype for ‘unpriv_ebpf_notify’ [-Wmissing-prototypes]
659 | void unpriv_ebpf_notify(int new_state)
| ^~~~~~~~~~~~~~~~~~
Fixes: 44a3918c8245 ("x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting")
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lore.kernel.org/r/5689d065f739602ececaee1e05e68b8644009608.1650930000.git.jpoimboe@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/bpf.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/include/linux/bpf.h b/include/linux/bpf.h
index ea3ff499e94a..f21bc441e3fa 100644
--- a/include/linux/bpf.h
+++ b/include/linux/bpf.h
@@ -1730,6 +1730,8 @@ void bpf_offload_dev_netdev_unregister(struct bpf_offload_dev *offdev,
struct net_device *netdev);
bool bpf_offload_dev_match(struct bpf_prog *prog, struct net_device *netdev);
+void unpriv_ebpf_notify(int new_state);
+
#if defined(CONFIG_NET) && defined(CONFIG_BPF_SYSCALL)
int bpf_prog_offload_init(struct bpf_prog *prog, union bpf_attr *attr);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 171/452] ASoC: rk3328: fix disabling mclk on pclk probe failure
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (169 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 170/452] x86/speculation: Add missing prototype for unpriv_ebpf_notify() Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 172/452] perf tools: Add missing headers needed by util/data.h Greg Kroah-Hartman
` (286 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nicolas Frattaroli, Katsuhiro Suzuki,
Mark Brown, Sasha Levin
From: Nicolas Frattaroli <frattaroli.nicolas@gmail.com>
[ Upstream commit dd508e324cdde1c06ace08a8143fa50333a90703 ]
If preparing/enabling the pclk fails, the probe function should
unprepare and disable the previously prepared and enabled mclk,
which it doesn't do. This commit rectifies this.
Fixes: c32759035ad2 ("ASoC: rockchip: support ACODEC for rk3328")
Signed-off-by: Nicolas Frattaroli <frattaroli.nicolas@gmail.com>
Reviewed-by: Katsuhiro Suzuki <katsuhiro@katsuster.net>
Link: https://lore.kernel.org/r/20220427172310.138638-1-frattaroli.nicolas@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/rk3328_codec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sound/soc/codecs/rk3328_codec.c b/sound/soc/codecs/rk3328_codec.c
index aed18cbb9f68..e40b97929f6c 100644
--- a/sound/soc/codecs/rk3328_codec.c
+++ b/sound/soc/codecs/rk3328_codec.c
@@ -481,7 +481,7 @@ static int rk3328_platform_probe(struct platform_device *pdev)
ret = clk_prepare_enable(rk3328->pclk);
if (ret < 0) {
dev_err(&pdev->dev, "failed to enable acodec pclk\n");
- return ret;
+ goto err_unprepare_mclk;
}
base = devm_platform_ioremap_resource(pdev, 0);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 172/452] perf tools: Add missing headers needed by util/data.h
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (170 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 171/452] ASoC: rk3328: fix disabling mclk on pclk probe failure Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 173/452] drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume Greg Kroah-Hartman
` (285 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yang Jihong, Adrian Hunter,
Alexander Shishkin, Andi Kleen, Ingo Molnar, Jiri Olsa,
Mark Rutland, Namhyung Kim, Peter Zijlstra,
Arnaldo Carvalho de Melo, Sasha Levin
From: Yang Jihong <yangjihong1@huawei.com>
[ Upstream commit 4d27cf1d9de5becfa4d1efb2ea54dba1b9fc962a ]
'struct perf_data' in util/data.h uses the "u64" data type, which is
defined in "linux/types.h".
If we only include util/data.h, the following compilation error occurs:
util/data.h:38:3: error: unknown type name ‘u64’
u64 version;
^~~
Solution: include "linux/types.h." to add the needed type definitions.
Fixes: 258031c017c353e8 ("perf header: Add DIR_FORMAT feature to describe directory data")
Signed-off-by: Yang Jihong <yangjihong1@huawei.com>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: https://lore.kernel.org/r/20220429090539.212448-1-yangjihong1@huawei.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/util/data.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/perf/util/data.h b/tools/perf/util/data.h
index 75947ef6bc17..5b52ffedf0d5 100644
--- a/tools/perf/util/data.h
+++ b/tools/perf/util/data.h
@@ -3,6 +3,7 @@
#define __PERF_DATA_H
#include <stdbool.h>
+#include <linux/types.h>
enum perf_data_mode {
PERF_DATA_MODE_WRITE,
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 173/452] drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (171 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 172/452] perf tools: Add missing headers needed by util/data.h Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 174/452] drm/msm/dp: stop event kernel thread when DP unbind Greg Kroah-Hartman
` (284 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vinod Polimera, Dmitry Baryshkov,
Sasha Levin
From: Vinod Polimera <quic_vpolimer@quicinc.com>
[ Upstream commit fa5186b279ecf44b14fb435540d2065be91cb1ed ]
BUG: Unable to handle kernel paging request at virtual address 006b6b6b6b6b6be3
Call trace:
dpu_vbif_init_memtypes+0x40/0xb8
dpu_runtime_resume+0xcc/0x1c0
pm_generic_runtime_resume+0x30/0x44
__genpd_runtime_resume+0x68/0x7c
genpd_runtime_resume+0x134/0x258
__rpm_callback+0x98/0x138
rpm_callback+0x30/0x88
rpm_resume+0x36c/0x49c
__pm_runtime_resume+0x80/0xb0
dpu_core_irq_uninstall+0x30/0xb0
dpu_irq_uninstall+0x18/0x24
msm_drm_uninit+0xd8/0x16c
Fixes: 25fdd5933e4c ("drm/msm: Add SDM845 DPU support")
Signed-off-by: Vinod Polimera <quic_vpolimer@quicinc.com>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Patchwork: https://patchwork.freedesktop.org/patch/483255/
Link: https://lore.kernel.org/r/1650857213-30075-1-git-send-email-quic_vpolimer@quicinc.com
[DB: fixed Fixes tag]
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c b/drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c
index 08e082d0443a..b05ff46d773d 100644
--- a/drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c
+++ b/drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c
@@ -678,8 +678,10 @@ static void _dpu_kms_hw_destroy(struct dpu_kms *dpu_kms)
for (i = 0; i < dpu_kms->catalog->vbif_count; i++) {
u32 vbif_idx = dpu_kms->catalog->vbif[i].id;
- if ((vbif_idx < VBIF_MAX) && dpu_kms->hw_vbif[vbif_idx])
+ if ((vbif_idx < VBIF_MAX) && dpu_kms->hw_vbif[vbif_idx]) {
dpu_hw_vbif_destroy(dpu_kms->hw_vbif[vbif_idx]);
+ dpu_kms->hw_vbif[vbif_idx] = NULL;
+ }
}
}
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 174/452] drm/msm/dp: stop event kernel thread when DP unbind
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (172 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 173/452] drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 175/452] drm/msm/dp: fix error check return value of irq_of_parse_and_map() Greg Kroah-Hartman
` (283 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kuogee Hsieh, Dmitry Baryshkov,
Stephen Boyd, Sasha Levin
From: Kuogee Hsieh <quic_khsieh@quicinc.com>
[ Upstream commit 570d3e5d28db7a94557fa179167a9fb8642fb8a1 ]
Current DP driver implementation, event thread is kept running
after DP display is unbind. This patch fix this problem by disabling
DP irq and stop event thread to exit gracefully at dp_display_unbind().
Changes in v2:
-- start event thread at dp_display_bind()
Changes in v3:
-- disable all HDP interrupts at unbind
-- replace dp_hpd_event_setup() with dp_hpd_event_thread_start()
-- replace dp_hpd_event_stop() with dp_hpd_event_thread_stop()
-- move init_waitqueue_head(&dp->event_q) to probe()
-- move spin_lock_init(&dp->event_lock) to probe()
Changes in v4:
-- relocate both dp_display_bind() and dp_display_unbind() to bottom of file
Changes in v5:
-- cancel relocation of both dp_display_bind() and dp_display_unbind()
Changes in v6:
-- move empty event q to dp_event_thread_start()
Changes in v7:
-- call ktheread_stop() directly instead of dp_hpd_event_thread_stop() function
Changes in v8:
-- return error immediately if audio registration failed.
Changes in v9:
-- return error immediately if event thread create failed.
Changes in v10:
-- delete extra DRM_ERROR("failed to create DP event thread\n");
Fixes: 8ede2ecc3e5e ("drm/msm/dp: Add DP compliance tests on Snapdragon Chipsets")
Signed-off-by: Kuogee Hsieh <quic_khsieh@quicinc.com>
Reported-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Reviewed-by: Stephen Boyd <swboyd@chromium.org>
Patchwork: https://patchwork.freedesktop.org/patch/482399/
Link: https://lore.kernel.org/r/1650318988-17580-1-git-send-email-quic_khsieh@quicinc.com
[DB: fixed Fixes tag]
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/msm/dp/dp_display.c | 39 +++++++++++++++++++++++------
1 file changed, 31 insertions(+), 8 deletions(-)
diff --git a/drivers/gpu/drm/msm/dp/dp_display.c b/drivers/gpu/drm/msm/dp/dp_display.c
index 6cd6934c8c9f..36caf3d5a9f9 100644
--- a/drivers/gpu/drm/msm/dp/dp_display.c
+++ b/drivers/gpu/drm/msm/dp/dp_display.c
@@ -111,6 +111,7 @@ struct dp_display_private {
u32 hpd_state;
u32 event_pndx;
u32 event_gndx;
+ struct task_struct *ev_tsk;
struct dp_event event_list[DP_EVENT_Q_MAX];
spinlock_t event_lock;
@@ -194,6 +195,8 @@ void dp_display_signal_audio_complete(struct msm_dp *dp_display)
complete_all(&dp->audio_comp);
}
+static int dp_hpd_event_thread_start(struct dp_display_private *dp_priv);
+
static int dp_display_bind(struct device *dev, struct device *master,
void *data)
{
@@ -234,9 +237,18 @@ static int dp_display_bind(struct device *dev, struct device *master,
}
rc = dp_register_audio_driver(dev, dp->audio);
- if (rc)
+ if (rc) {
DRM_ERROR("Audio registration Dp failed\n");
+ goto end;
+ }
+ rc = dp_hpd_event_thread_start(dp);
+ if (rc) {
+ DRM_ERROR("Event thread create failed\n");
+ goto end;
+ }
+
+ return 0;
end:
return rc;
}
@@ -255,6 +267,11 @@ static void dp_display_unbind(struct device *dev, struct device *master,
return;
}
+ /* disable all HPD interrupts */
+ dp_catalog_hpd_config_intr(dp->catalog, DP_DP_HPD_INT_MASK, false);
+
+ kthread_stop(dp->ev_tsk);
+
dp_power_client_deinit(dp->power);
dp_aux_unregister(dp->aux);
priv->dp = NULL;
@@ -981,7 +998,7 @@ static int hpd_event_thread(void *data)
dp_priv = (struct dp_display_private *)data;
- while (1) {
+ while (!kthread_should_stop()) {
if (timeout_mode) {
wait_event_timeout(dp_priv->event_q,
(dp_priv->event_pndx == dp_priv->event_gndx),
@@ -1062,12 +1079,17 @@ static int hpd_event_thread(void *data)
return 0;
}
-static void dp_hpd_event_setup(struct dp_display_private *dp_priv)
+static int dp_hpd_event_thread_start(struct dp_display_private *dp_priv)
{
- init_waitqueue_head(&dp_priv->event_q);
- spin_lock_init(&dp_priv->event_lock);
+ /* set event q to empty */
+ dp_priv->event_gndx = 0;
+ dp_priv->event_pndx = 0;
- kthread_run(hpd_event_thread, dp_priv, "dp_hpd_handler");
+ dp_priv->ev_tsk = kthread_run(hpd_event_thread, dp_priv, "dp_hpd_handler");
+ if (IS_ERR(dp_priv->ev_tsk))
+ return PTR_ERR(dp_priv->ev_tsk);
+
+ return 0;
}
static irqreturn_t dp_display_irq_handler(int irq, void *dev_id)
@@ -1167,8 +1189,11 @@ static int dp_display_probe(struct platform_device *pdev)
return -EPROBE_DEFER;
}
+ /* setup event q */
mutex_init(&dp->event_mutex);
g_dp_display = &dp->dp_display;
+ init_waitqueue_head(&dp->event_q);
+ spin_lock_init(&dp->event_lock);
/* Store DP audio handle inside DP display */
g_dp_display->dp_audio = dp->audio;
@@ -1308,8 +1333,6 @@ void msm_dp_irq_postinstall(struct msm_dp *dp_display)
dp = container_of(dp_display, struct dp_display_private, dp_display);
- dp_hpd_event_setup(dp);
-
dp_add_event(dp, EV_HPD_INIT_SETUP, 0, 100);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 175/452] drm/msm/dp: fix error check return value of irq_of_parse_and_map()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (173 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 174/452] drm/msm/dp: stop event kernel thread when DP unbind Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 176/452] drm/msm/dsi: fix error checks and return values for DSI xmit functions Greg Kroah-Hartman
` (282 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zeal Robot, Lv Ruyi,
Dmitry Baryshkov, Sasha Levin
From: Lv Ruyi <lv.ruyi@zte.com.cn>
[ Upstream commit e92d0d93f86699b7b25c7906613fdc374d66c8ca ]
The irq_of_parse_and_map() function returns 0 on failure, and does not
return an negative value.
Fixes: 8ede2ecc3e5e ("drm/msm/dp: Add DP compliance tests on Snapdragon Chipsets")
Reported-by: Zeal Robot <zealci@zte.com.cn>
Signed-off-by: Lv Ruyi <lv.ruyi@zte.com.cn>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Patchwork: https://patchwork.freedesktop.org/patch/483176/
Link: https://lore.kernel.org/r/20220424032418.3173632-1-lv.ruyi@zte.com.cn
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/msm/dp/dp_display.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/drivers/gpu/drm/msm/dp/dp_display.c b/drivers/gpu/drm/msm/dp/dp_display.c
index 36caf3d5a9f9..09c8e50da68d 100644
--- a/drivers/gpu/drm/msm/dp/dp_display.c
+++ b/drivers/gpu/drm/msm/dp/dp_display.c
@@ -1147,10 +1147,9 @@ int dp_display_request_irq(struct msm_dp *dp_display)
dp = container_of(dp_display, struct dp_display_private, dp_display);
dp->irq = irq_of_parse_and_map(dp->pdev->dev.of_node, 0);
- if (dp->irq < 0) {
- rc = dp->irq;
- DRM_ERROR("failed to get irq: %d\n", rc);
- return rc;
+ if (!dp->irq) {
+ DRM_ERROR("failed to get irq\n");
+ return -EINVAL;
}
rc = devm_request_irq(&dp->pdev->dev, dp->irq,
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 176/452] drm/msm/dsi: fix error checks and return values for DSI xmit functions
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (174 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 175/452] drm/msm/dp: fix error check return value of irq_of_parse_and_map() Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 177/452] drm/msm/hdmi: check return value after calling platform_get_resource_byname() Greg Kroah-Hartman
` (281 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Dmitry Baryshkov,
Abhinav Kumar, Marijn Suijten, Sasha Levin
From: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
[ Upstream commit f0e7e9ed379c012c4d6b09a09b868accc426223c ]
As noticed by Dan ([1] an the followup thread) there are multiple issues
with the return values for MSM DSI command transmission callback. In
the error case it can easily return a positive value when it should
have returned a proper error code.
This commits attempts to fix these issues both in TX and in RX paths.
[1]: https://lore.kernel.org/linux-arm-msm/20211001123617.GH2283@kili/
Fixes: a689554ba6ed ("drm/msm: Initial add DSI connector support")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Reviewed-by: Abhinav Kumar <quic_abhinavk@quicinc.com>
Tested-by: Marijn Suijten <marijn.suijten@somainline.org>
Patchwork: https://patchwork.freedesktop.org/patch/480501/
Link: https://lore.kernel.org/r/20220401231104.967193-1-dmitry.baryshkov@linaro.org
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/msm/dsi/dsi_host.c | 21 ++++++++++++++-------
1 file changed, 14 insertions(+), 7 deletions(-)
diff --git a/drivers/gpu/drm/msm/dsi/dsi_host.c b/drivers/gpu/drm/msm/dsi/dsi_host.c
index 64454a63bbac..51e8318cc8ff 100644
--- a/drivers/gpu/drm/msm/dsi/dsi_host.c
+++ b/drivers/gpu/drm/msm/dsi/dsi_host.c
@@ -1371,10 +1371,10 @@ static int dsi_cmds2buf_tx(struct msm_dsi_host *msm_host,
dsi_get_bpp(msm_host->format) / 8;
len = dsi_cmd_dma_add(msm_host, msg);
- if (!len) {
+ if (len < 0) {
pr_err("%s: failed to add cmd type = 0x%x\n",
__func__, msg->type);
- return -EINVAL;
+ return len;
}
/* for video mode, do not send cmds more than
@@ -1393,10 +1393,14 @@ static int dsi_cmds2buf_tx(struct msm_dsi_host *msm_host,
}
ret = dsi_cmd_dma_tx(msm_host, len);
- if (ret < len) {
- pr_err("%s: cmd dma tx failed, type=0x%x, data0=0x%x, len=%d\n",
- __func__, msg->type, (*(u8 *)(msg->tx_buf)), len);
- return -ECOMM;
+ if (ret < 0) {
+ pr_err("%s: cmd dma tx failed, type=0x%x, data0=0x%x, len=%d, ret=%d\n",
+ __func__, msg->type, (*(u8 *)(msg->tx_buf)), len, ret);
+ return ret;
+ } else if (ret < len) {
+ pr_err("%s: cmd dma tx failed, type=0x%x, data0=0x%x, ret=%d len=%d\n",
+ __func__, msg->type, (*(u8 *)(msg->tx_buf)), ret, len);
+ return -EIO;
}
return len;
@@ -2139,9 +2143,12 @@ int msm_dsi_host_cmd_rx(struct mipi_dsi_host *host,
}
ret = dsi_cmds2buf_tx(msm_host, msg);
- if (ret < msg->tx_len) {
+ if (ret < 0) {
pr_err("%s: Read cmd Tx failed, %d\n", __func__, ret);
return ret;
+ } else if (ret < msg->tx_len) {
+ pr_err("%s: Read cmd Tx failed, too short: %d\n", __func__, ret);
+ return -ECOMM;
}
/*
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 177/452] drm/msm/hdmi: check return value after calling platform_get_resource_byname()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (175 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 176/452] drm/msm/dsi: fix error checks and return values for DSI xmit functions Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 178/452] drm/msm/hdmi: fix error check return value of irq_of_parse_and_map() Greg Kroah-Hartman
` (280 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yang Yingliang, Dmitry Baryshkov,
Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit a36e506711548df923ceb7ec9f6001375be799a5 ]
It will cause null-ptr-deref if platform_get_resource_byname() returns NULL,
we need check the return value.
Fixes: c6a57a50ad56 ("drm/msm/hdmi: add hdmi hdcp support (V3)")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Patchwork: https://patchwork.freedesktop.org/patch/482992/
Link: https://lore.kernel.org/r/20220422032227.2991553-1-yangyingliang@huawei.com
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/msm/hdmi/hdmi.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/gpu/drm/msm/hdmi/hdmi.c b/drivers/gpu/drm/msm/hdmi/hdmi.c
index 94f948ef279d..2758b51aa4e0 100644
--- a/drivers/gpu/drm/msm/hdmi/hdmi.c
+++ b/drivers/gpu/drm/msm/hdmi/hdmi.c
@@ -142,6 +142,10 @@ static struct hdmi *msm_hdmi_init(struct platform_device *pdev)
/* HDCP needs physical address of hdmi register */
res = platform_get_resource_byname(pdev, IORESOURCE_MEM,
config->mmio_name);
+ if (!res) {
+ ret = -EINVAL;
+ goto fail;
+ }
hdmi->mmio_phy_addr = res->start;
hdmi->qfprom_mmio = msm_ioremap(pdev,
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 178/452] drm/msm/hdmi: fix error check return value of irq_of_parse_and_map()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (176 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 177/452] drm/msm/hdmi: check return value after calling platform_get_resource_byname() Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 179/452] drm/msm: add missing include to msm_drv.c Greg Kroah-Hartman
` (279 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zeal Robot, Lv Ruyi, Stephen Boyd,
Dmitry Baryshkov, Sasha Levin
From: Lv Ruyi <lv.ruyi@zte.com.cn>
[ Upstream commit 03371e4fbdeb7f596cbceacb59e474248b6d95ac ]
The irq_of_parse_and_map() function returns 0 on failure, and does not
return a negative value anyhow, so never enter this conditional branch.
Fixes: f6a8eaca0ea1 ("drm/msm/mdp5: use irqdomains")
Reported-by: Zeal Robot <zealci@zte.com.cn>
Signed-off-by: Lv Ruyi <lv.ruyi@zte.com.cn>
Reviewed-by: Stephen Boyd <swboyd@chromium.org>
Patchwork: https://patchwork.freedesktop.org/patch/483294/
Link: https://lore.kernel.org/r/20220425091831.3500487-1-lv.ruyi@zte.com.cn
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/msm/hdmi/hdmi.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/msm/hdmi/hdmi.c b/drivers/gpu/drm/msm/hdmi/hdmi.c
index 2758b51aa4e0..28b33b35a30c 100644
--- a/drivers/gpu/drm/msm/hdmi/hdmi.c
+++ b/drivers/gpu/drm/msm/hdmi/hdmi.c
@@ -315,9 +315,9 @@ int msm_hdmi_modeset_init(struct hdmi *hdmi,
}
hdmi->irq = irq_of_parse_and_map(pdev->dev.of_node, 0);
- if (hdmi->irq < 0) {
- ret = hdmi->irq;
- DRM_DEV_ERROR(dev->dev, "failed to get irq: %d\n", ret);
+ if (!hdmi->irq) {
+ ret = -EINVAL;
+ DRM_DEV_ERROR(dev->dev, "failed to get irq\n");
goto fail;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 179/452] drm/msm: add missing include to msm_drv.c
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (177 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 178/452] drm/msm/hdmi: fix error check return value of irq_of_parse_and_map() Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 180/452] drm/panel: panel-simple: Fix proper bpc for AM-1280800N3TZQW-T00H Greg Kroah-Hartman
` (278 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Abhinav Kumar,
Dmitry Baryshkov, Sasha Levin
From: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
[ Upstream commit 8123fe83c3a3448bbfa5b5b1cacfdfe7d076fca6 ]
Add explicit include of drm_bridge.h to the msm_drv.c to fix the
following warning:
drivers/gpu/drm/msm/msm_drv.c:236:17: error: implicit declaration of function 'drm_bridge_remove'; did you mean 'drm_bridge_detach'? [-Werror=implicit-function-declaration]
Fixes: d28ea556267c ("drm/msm: properly add and remove internal bridges")
Reported-by: kernel test robot <lkp@intel.com>
Reviewed-by: Abhinav Kumar <quic_abhinavk@quicinc.com>
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Patchwork: https://patchwork.freedesktop.org/patch/484310/
Link: https://lore.kernel.org/r/20220430180917.3819294-1-dmitry.baryshkov@linaro.org
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/msm/msm_drv.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/drm/msm/msm_drv.c b/drivers/gpu/drm/msm/msm_drv.c
index e37e5afc680a..087efcb1f34c 100644
--- a/drivers/gpu/drm/msm/msm_drv.c
+++ b/drivers/gpu/drm/msm/msm_drv.c
@@ -10,6 +10,7 @@
#include <linux/uaccess.h>
#include <uapi/linux/sched/types.h>
+#include <drm/drm_bridge.h>
#include <drm/drm_drv.h>
#include <drm/drm_file.h>
#include <drm/drm_ioctl.h>
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 180/452] drm/panel: panel-simple: Fix proper bpc for AM-1280800N3TZQW-T00H
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (178 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 179/452] drm/msm: add missing include to msm_drv.c Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 181/452] drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() Greg Kroah-Hartman
` (277 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jagan Teki, Robert Foss, Sasha Levin
From: Jagan Teki <jagan@amarulasolutions.com>
[ Upstream commit 7eafbecd2288c542ea15ea20cf1a7e64a25c21bc ]
AM-1280800N3TZQW-T00H panel support 8 bpc not 6 bpc as per
recent testing in i.MX8MM platform.
Fix it.
Fixes: bca684e69c4c ("drm/panel: simple: Add AM-1280800N3TZQW-T00H")
Signed-off-by: Jagan Teki <jagan@amarulasolutions.com>
Reviewed-by: Robert Foss <robert.foss@linaro.org>
Signed-off-by: Robert Foss <robert.foss@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20211111094103.494831-1-jagan@amarulasolutions.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/panel/panel-simple.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/panel/panel-simple.c b/drivers/gpu/drm/panel/panel-simple.c
index 18850439a2ab..bf2c845ef3a2 100644
--- a/drivers/gpu/drm/panel/panel-simple.c
+++ b/drivers/gpu/drm/panel/panel-simple.c
@@ -676,7 +676,7 @@ static const struct drm_display_mode ampire_am_1280800n3tzqw_t00h_mode = {
static const struct panel_desc ampire_am_1280800n3tzqw_t00h = {
.modes = &ire_am_1280800n3tzqw_t00h_mode,
.num_modes = 1,
- .bpc = 6,
+ .bpc = 8,
.size = {
.width = 217,
.height = 136,
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 181/452] drm/rockchip: vop: fix possible null-ptr-deref in vop_bind()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (179 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 180/452] drm/panel: panel-simple: Fix proper bpc for AM-1280800N3TZQW-T00H Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 182/452] perf tools: Use Python devtools for version autodetection rather than runtime Greg Kroah-Hartman
` (276 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yang Yingliang, Heiko Stuebner, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit f8c242908ad15bbd604d3bcb54961b7d454c43f8 ]
It will cause null-ptr-deref in resource_size(), if platform_get_resource()
returns NULL, move calling resource_size() after devm_ioremap_resource() that
will check 'res' to avoid null-ptr-deref.
Fixes: 2048e3286f34 ("drm: rockchip: Add basic drm driver")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Link: https://patchwork.freedesktop.org/patch/msgid/20220422032854.2995175-1-yangyingliang@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/rockchip/rockchip_drm_vop.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/rockchip/rockchip_drm_vop.c b/drivers/gpu/drm/rockchip/rockchip_drm_vop.c
index 0f23144491e4..91568f166a8a 100644
--- a/drivers/gpu/drm/rockchip/rockchip_drm_vop.c
+++ b/drivers/gpu/drm/rockchip/rockchip_drm_vop.c
@@ -2097,10 +2097,10 @@ static int vop_bind(struct device *dev, struct device *master, void *data)
vop_win_init(vop);
res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
- vop->len = resource_size(res);
vop->regs = devm_ioremap_resource(dev, res);
if (IS_ERR(vop->regs))
return PTR_ERR(vop->regs);
+ vop->len = resource_size(res);
res = platform_get_resource(pdev, IORESOURCE_MEM, 1);
if (res) {
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 182/452] perf tools: Use Python devtools for version autodetection rather than runtime
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (180 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 181/452] drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 183/452] virtio_blk: fix the discard_granularity and discard_alignment queue limits Greg Kroah-Hartman
` (275 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, James Clark, Alexander Shishkin,
Jiri Olsa, Mark Rutland, Namhyung Kim, Arnaldo Carvalho de Melo,
Sasha Levin
From: James Clark <james.clark@arm.com>
[ Upstream commit 630af16eee495f583db5202c3613d1b191f10694 ]
This fixes the issue where the build will fail if only the Python2
runtime is installed but the Python3 devtools are installed. Currently
the workaround is 'make PYTHON=python3'.
Fix it by autodetecting Python based on whether python[x]-config exists
rather than just python[x] because both are needed for the build. Then
-config is stripped to find the Python runtime.
Testing
=======
* Auto detect links with Python3 when the v3 devtools are installed
and only Python 2 runtime is installed
* Auto detect links with Python2 when both devtools are installed
* Sensible warning is printed if no Python devtools are installed
* 'make PYTHON=x' still automatically sets PYTHON_CONFIG=x-config
* 'make PYTHON=x' fails if x-config doesn't exist
* 'make PYTHON=python3' overrides Python2 devtools
* 'make PYTHON=python2' overrides Python3 devtools
* 'make PYTHON_CONFIG=x-config' works
* 'make PYTHON=x PYTHON_CONFIG=x' works
* 'make PYTHON=missing' reports an error
* 'make PYTHON_CONFIG=missing' reports an error
Fixes: 79373082fa9de8be ("perf python: Autodetect python3 binary")
Signed-off-by: James Clark <james.clark@arm.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: James Clark <james.clark@arm.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Link: https://lore.kernel.org/r/20220309194313.3350126-2-james.clark@arm.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/Makefile.config | 39 ++++++++++++++++++++++++++------------
1 file changed, 27 insertions(+), 12 deletions(-)
diff --git a/tools/perf/Makefile.config b/tools/perf/Makefile.config
index 41dff8d38448..5ee3c4d1fbb2 100644
--- a/tools/perf/Makefile.config
+++ b/tools/perf/Makefile.config
@@ -222,18 +222,33 @@ ifdef PARSER_DEBUG
endif
# Try different combinations to accommodate systems that only have
-# python[2][-config] in weird combinations but always preferring
-# python2 and python2-config as per pep-0394. If python2 or python
-# aren't found, then python3 is used.
-PYTHON_AUTO := python
-PYTHON_AUTO := $(if $(call get-executable,python3),python3,$(PYTHON_AUTO))
-PYTHON_AUTO := $(if $(call get-executable,python),python,$(PYTHON_AUTO))
-PYTHON_AUTO := $(if $(call get-executable,python2),python2,$(PYTHON_AUTO))
-override PYTHON := $(call get-executable-or-default,PYTHON,$(PYTHON_AUTO))
-PYTHON_AUTO_CONFIG := \
- $(if $(call get-executable,$(PYTHON)-config),$(PYTHON)-config,python-config)
-override PYTHON_CONFIG := \
- $(call get-executable-or-default,PYTHON_CONFIG,$(PYTHON_AUTO_CONFIG))
+# python[2][3]-config in weird combinations in the following order of
+# priority from lowest to highest:
+# * python3-config
+# * python-config
+# * python2-config as per pep-0394.
+# * $(PYTHON)-config (If PYTHON is user supplied but PYTHON_CONFIG isn't)
+#
+PYTHON_AUTO := python-config
+PYTHON_AUTO := $(if $(call get-executable,python3-config),python3-config,$(PYTHON_AUTO))
+PYTHON_AUTO := $(if $(call get-executable,python-config),python-config,$(PYTHON_AUTO))
+PYTHON_AUTO := $(if $(call get-executable,python2-config),python2-config,$(PYTHON_AUTO))
+
+# If PYTHON is defined but PYTHON_CONFIG isn't, then take $(PYTHON)-config as if it was the user
+# supplied value for PYTHON_CONFIG. Because it's "user supplied", error out if it doesn't exist.
+ifdef PYTHON
+ ifndef PYTHON_CONFIG
+ PYTHON_CONFIG_AUTO := $(call get-executable,$(PYTHON)-config)
+ PYTHON_CONFIG := $(if $(PYTHON_CONFIG_AUTO),$(PYTHON_CONFIG_AUTO),\
+ $(call $(error $(PYTHON)-config not found)))
+ endif
+endif
+
+# Select either auto detected python and python-config or use user supplied values if they are
+# defined. get-executable-or-default fails with an error if the first argument is supplied but
+# doesn't exist.
+override PYTHON_CONFIG := $(call get-executable-or-default,PYTHON_CONFIG,$(PYTHON_AUTO))
+override PYTHON := $(call get-executable-or-default,PYTHON,$(subst -config,,$(PYTHON_AUTO)))
grep-libs = $(filter -l%,$(1))
strip-libs = $(filter-out -l%,$(1))
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 183/452] virtio_blk: fix the discard_granularity and discard_alignment queue limits
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (181 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 182/452] perf tools: Use Python devtools for version autodetection rather than runtime Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 184/452] x86: Fix return value of __setup handlers Greg Kroah-Hartman
` (274 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christoph Hellwig,
Martin K. Petersen, Jens Axboe, Sasha Levin
From: Christoph Hellwig <hch@lst.de>
[ Upstream commit 62952cc5bccd89b76d710de1d0b43244af0f2903 ]
The discard_alignment queue limit is named a bit misleading means the
offset into the block device at which the discard granularity starts.
On the other hand the discard_sector_alignment from the virtio 1.1 looks
similar to what Linux uses as discard granularity (even if not very well
described):
"discard_sector_alignment can be used by OS when splitting a request
based on alignment. "
And at least qemu does set it to the discard granularity.
So stop setting the discard_alignment and use the virtio
discard_sector_alignment to set the discard granularity.
Fixes: 1f23816b8eb8 ("virtio_blk: add discard and write zeroes support")
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com>
Link: https://lore.kernel.org/r/20220418045314.360785-5-hch@lst.de
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/block/virtio_blk.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/block/virtio_blk.c b/drivers/block/virtio_blk.c
index 02e2056780ad..9b54eec9b17e 100644
--- a/drivers/block/virtio_blk.c
+++ b/drivers/block/virtio_blk.c
@@ -865,11 +865,12 @@ static int virtblk_probe(struct virtio_device *vdev)
blk_queue_io_opt(q, blk_size * opt_io_size);
if (virtio_has_feature(vdev, VIRTIO_BLK_F_DISCARD)) {
- q->limits.discard_granularity = blk_size;
-
virtio_cread(vdev, struct virtio_blk_config,
discard_sector_alignment, &v);
- q->limits.discard_alignment = v ? v << SECTOR_SHIFT : 0;
+ if (v)
+ q->limits.discard_granularity = v << SECTOR_SHIFT;
+ else
+ q->limits.discard_granularity = blk_size;
virtio_cread(vdev, struct virtio_blk_config,
max_discard_sectors, &v);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 184/452] x86: Fix return value of __setup handlers
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (182 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 183/452] virtio_blk: fix the discard_granularity and discard_alignment queue limits Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 185/452] irqchip/exiu: Fix acknowledgment of edge triggered interrupts Greg Kroah-Hartman
` (273 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Igor Zhbanov, Randy Dunlap,
Borislav Petkov, Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit 12441ccdf5e2f5a01a46e344976cbbd3d46845c9 ]
__setup() handlers should return 1 to obsolete_checksetup() in
init/main.c to indicate that the boot option has been handled. A return
of 0 causes the boot option/value to be listed as an Unknown kernel
parameter and added to init's (limited) argument (no '=') or environment
(with '=') strings. So return 1 from these x86 __setup handlers.
Examples:
Unknown kernel command line parameters "apicpmtimer
BOOT_IMAGE=/boot/bzImage-517rc8 vdso=1 ring3mwait=disable", will be
passed to user space.
Run /sbin/init as init process
with arguments:
/sbin/init
apicpmtimer
with environment:
HOME=/
TERM=linux
BOOT_IMAGE=/boot/bzImage-517rc8
vdso=1
ring3mwait=disable
Fixes: 2aae950b21e4 ("x86_64: Add vDSO for x86-64 with gettimeofday/clock_gettime/getcpu")
Fixes: 77b52b4c5c66 ("x86: add "debugpat" boot option")
Fixes: e16fd002afe2 ("x86/cpufeature: Enable RING3MWAIT for Knights Landing")
Fixes: b8ce33590687 ("x86_64: convert to clock events")
Reported-by: Igor Zhbanov <i.zhbanov@omprussia.ru>
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lore.kernel.org/r/64644a2f-4a20-bab3-1e15-3b2cdd0defe3@omprussia.ru
Link: https://lore.kernel.org/r/20220314012725.26661-1-rdunlap@infradead.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/entry/vdso/vma.c | 2 +-
arch/x86/kernel/apic/apic.c | 2 +-
arch/x86/kernel/cpu/intel.c | 2 +-
arch/x86/mm/pat/memtype.c | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/arch/x86/entry/vdso/vma.c b/arch/x86/entry/vdso/vma.c
index 9185cb1d13b9..5876289e48d8 100644
--- a/arch/x86/entry/vdso/vma.c
+++ b/arch/x86/entry/vdso/vma.c
@@ -440,7 +440,7 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
static __init int vdso_setup(char *s)
{
vdso64_enabled = simple_strtoul(s, NULL, 0);
- return 0;
+ return 1;
}
__setup("vdso=", vdso_setup);
diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c
index 24539a05c58c..1c96f2425eaf 100644
--- a/arch/x86/kernel/apic/apic.c
+++ b/arch/x86/kernel/apic/apic.c
@@ -168,7 +168,7 @@ static __init int setup_apicpmtimer(char *s)
{
apic_calibrate_pmtmr = 1;
notsc_setup(NULL);
- return 0;
+ return 1;
}
__setup("apicpmtimer", setup_apicpmtimer);
#endif
diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c
index 816fdbec795a..c6ad53e38f65 100644
--- a/arch/x86/kernel/cpu/intel.c
+++ b/arch/x86/kernel/cpu/intel.c
@@ -88,7 +88,7 @@ static bool ring3mwait_disabled __read_mostly;
static int __init ring3mwait_disable(char *__unused)
{
ring3mwait_disabled = true;
- return 0;
+ return 1;
}
__setup("ring3mwait=disable", ring3mwait_disable);
diff --git a/arch/x86/mm/pat/memtype.c b/arch/x86/mm/pat/memtype.c
index 232932bda4e5..f9c53a710740 100644
--- a/arch/x86/mm/pat/memtype.c
+++ b/arch/x86/mm/pat/memtype.c
@@ -101,7 +101,7 @@ int pat_debug_enable;
static int __init pat_debug_setup(char *str)
{
pat_debug_enable = 1;
- return 0;
+ return 1;
}
__setup("debugpat", pat_debug_setup);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 185/452] irqchip/exiu: Fix acknowledgment of edge triggered interrupts
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (183 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 184/452] x86: Fix return value of __setup handlers Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 186/452] irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value Greg Kroah-Hartman
` (272 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Daniel Thompson, Ard Biesheuvel,
Marc Zyngier, Sasha Levin
From: Daniel Thompson <daniel.thompson@linaro.org>
[ Upstream commit 4efc851c36e389f7ed432edac0149acc5f94b0c7 ]
Currently the EXIU uses the fasteoi interrupt flow that is configured by
it's parent (irq-gic-v3.c). With this flow the only chance to clear the
interrupt request happens during .irq_eoi() and (obviously) this happens
after the interrupt handler has run. EXIU requires edge triggered
interrupts to be acked prior to interrupt handling. Without this we
risk incorrect interrupt dismissal when a new interrupt is delivered
after the handler reads and acknowledges the peripheral but before the
irq_eoi() takes place.
Fix this by clearing the interrupt request from .irq_ack() if we are
configured for edge triggered interrupts. This requires adopting the
fasteoi-ack flow instead of the fasteoi to ensure the ack gets called.
These changes have been tested using the power button on a
Developerbox/SC2A11 combined with some hackery in gpio-keys so I can
play with the different trigger mode [and an mdelay(500) so I can
can check what happens on a double click in both modes].
Fixes: 706cffc1b912 ("irqchip/exiu: Add support for Socionext Synquacer EXIU controller")
Signed-off-by: Daniel Thompson <daniel.thompson@linaro.org>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20220503134541.2566457-1-daniel.thompson@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/Kconfig.platforms | 1 +
drivers/irqchip/irq-sni-exiu.c | 25 ++++++++++++++++++++++---
2 files changed, 23 insertions(+), 3 deletions(-)
diff --git a/arch/arm64/Kconfig.platforms b/arch/arm64/Kconfig.platforms
index 5c4ac1c9f4e0..889e78f40a25 100644
--- a/arch/arm64/Kconfig.platforms
+++ b/arch/arm64/Kconfig.platforms
@@ -250,6 +250,7 @@ config ARCH_STRATIX10
config ARCH_SYNQUACER
bool "Socionext SynQuacer SoC Family"
+ select IRQ_FASTEOI_HIERARCHY_HANDLERS
config ARCH_TEGRA
bool "NVIDIA Tegra SoC Family"
diff --git a/drivers/irqchip/irq-sni-exiu.c b/drivers/irqchip/irq-sni-exiu.c
index abd011fcecf4..c7db617e1a2f 100644
--- a/drivers/irqchip/irq-sni-exiu.c
+++ b/drivers/irqchip/irq-sni-exiu.c
@@ -37,11 +37,26 @@ struct exiu_irq_data {
u32 spi_base;
};
-static void exiu_irq_eoi(struct irq_data *d)
+static void exiu_irq_ack(struct irq_data *d)
{
struct exiu_irq_data *data = irq_data_get_irq_chip_data(d);
writel(BIT(d->hwirq), data->base + EIREQCLR);
+}
+
+static void exiu_irq_eoi(struct irq_data *d)
+{
+ struct exiu_irq_data *data = irq_data_get_irq_chip_data(d);
+
+ /*
+ * Level triggered interrupts are latched and must be cleared during
+ * EOI or the interrupt will be jammed on. Of course if a level
+ * triggered interrupt is still asserted then the write will not clear
+ * the interrupt.
+ */
+ if (irqd_is_level_type(d))
+ writel(BIT(d->hwirq), data->base + EIREQCLR);
+
irq_chip_eoi_parent(d);
}
@@ -91,10 +106,13 @@ static int exiu_irq_set_type(struct irq_data *d, unsigned int type)
writel_relaxed(val, data->base + EILVL);
val = readl_relaxed(data->base + EIEDG);
- if (type == IRQ_TYPE_LEVEL_LOW || type == IRQ_TYPE_LEVEL_HIGH)
+ if (type == IRQ_TYPE_LEVEL_LOW || type == IRQ_TYPE_LEVEL_HIGH) {
val &= ~BIT(d->hwirq);
- else
+ irq_set_handler_locked(d, handle_fasteoi_irq);
+ } else {
val |= BIT(d->hwirq);
+ irq_set_handler_locked(d, handle_fasteoi_ack_irq);
+ }
writel_relaxed(val, data->base + EIEDG);
writel_relaxed(BIT(d->hwirq), data->base + EIREQCLR);
@@ -104,6 +122,7 @@ static int exiu_irq_set_type(struct irq_data *d, unsigned int type)
static struct irq_chip exiu_irq_chip = {
.name = "EXIU",
+ .irq_ack = exiu_irq_ack,
.irq_eoi = exiu_irq_eoi,
.irq_enable = exiu_irq_enable,
.irq_mask = exiu_irq_mask,
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 186/452] irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (184 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 185/452] irqchip/exiu: Fix acknowledgment of edge triggered interrupts Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 187/452] irqchip/aspeed-scu-ic: " Greg Kroah-Hartman
` (271 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Krzysztof Kozlowski, Marc Zyngier,
Sasha Levin
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
[ Upstream commit 50f0f26e7c8665763d0d7d3372dbcf191f94d077 ]
The irq_of_parse_and_map() returns 0 on failure, not a negative ERRNO.
Fixes: f48e699ddf70 ("irqchip/aspeed-i2c-ic: Add I2C IRQ controller for Aspeed")
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20220423094227.33148-1-krzysztof.kozlowski@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/irqchip/irq-aspeed-i2c-ic.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/irqchip/irq-aspeed-i2c-ic.c b/drivers/irqchip/irq-aspeed-i2c-ic.c
index 8d591c179f81..3d3210828e9b 100644
--- a/drivers/irqchip/irq-aspeed-i2c-ic.c
+++ b/drivers/irqchip/irq-aspeed-i2c-ic.c
@@ -79,8 +79,8 @@ static int __init aspeed_i2c_ic_of_init(struct device_node *node,
}
i2c_ic->parent_irq = irq_of_parse_and_map(node, 0);
- if (i2c_ic->parent_irq < 0) {
- ret = i2c_ic->parent_irq;
+ if (!i2c_ic->parent_irq) {
+ ret = -EINVAL;
goto err_iounmap;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 187/452] irqchip/aspeed-scu-ic: Fix irq_of_parse_and_map() return value
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (185 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 186/452] irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 188/452] x86/mm: Cleanup the control_va_addr_alignment() __setup handler Greg Kroah-Hartman
` (270 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Krzysztof Kozlowski, Marc Zyngier,
Sasha Levin
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
[ Upstream commit f03a9670d27d23fe734a456f16e2579b21ec02b4 ]
The irq_of_parse_and_map() returns 0 on failure, not a negative ERRNO.
Fixes: 04f605906ff0 ("irqchip: Add Aspeed SCU interrupt controller")
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20220423094227.33148-2-krzysztof.kozlowski@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/irqchip/irq-aspeed-scu-ic.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/irqchip/irq-aspeed-scu-ic.c b/drivers/irqchip/irq-aspeed-scu-ic.c
index 0f0aac7cc114..7cb13364ecfa 100644
--- a/drivers/irqchip/irq-aspeed-scu-ic.c
+++ b/drivers/irqchip/irq-aspeed-scu-ic.c
@@ -159,8 +159,8 @@ static int aspeed_scu_ic_of_init_common(struct aspeed_scu_ic *scu_ic,
}
irq = irq_of_parse_and_map(node, 0);
- if (irq < 0) {
- rc = irq;
+ if (!irq) {
+ rc = -EINVAL;
goto err;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 188/452] x86/mm: Cleanup the control_va_addr_alignment() __setup handler
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (186 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 187/452] irqchip/aspeed-scu-ic: " Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 189/452] arm64: fix types in copy_highpage() Greg Kroah-Hartman
` (269 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Igor Zhbanov, Randy Dunlap,
Borislav Petkov, Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit 1ef64b1e89e6d4018da46e08ffc32779a31160c7 ]
Clean up control_va_addr_alignment():
a. Make '=' required instead of optional (as documented).
b. Print a warning if an invalid option value is used.
c. Return 1 from the __setup handler when an invalid option value is
used. This prevents the kernel from polluting init's (limited)
environment space with the entire string.
Fixes: dfb09f9b7ab0 ("x86, amd: Avoid cache aliasing penalties on AMD family 15h")
Reported-by: Igor Zhbanov <i.zhbanov@omprussia.ru>
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lore.kernel.org/r/64644a2f-4a20-bab3-1e15-3b2cdd0defe3@omprussia.ru
Link: https://lore.kernel.org/r/20220315001045.7680-1-rdunlap@infradead.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kernel/sys_x86_64.c | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/arch/x86/kernel/sys_x86_64.c b/arch/x86/kernel/sys_x86_64.c
index 504fa5425bce..3fd1c81eb5e3 100644
--- a/arch/x86/kernel/sys_x86_64.c
+++ b/arch/x86/kernel/sys_x86_64.c
@@ -68,9 +68,6 @@ static int __init control_va_addr_alignment(char *str)
if (*str == 0)
return 1;
- if (*str == '=')
- str++;
-
if (!strcmp(str, "32"))
va_align.flags = ALIGN_VA_32;
else if (!strcmp(str, "64"))
@@ -80,11 +77,11 @@ static int __init control_va_addr_alignment(char *str)
else if (!strcmp(str, "on"))
va_align.flags = ALIGN_VA_32 | ALIGN_VA_64;
else
- return 0;
+ pr_warn("invalid option value: 'align_va_addr=%s'\n", str);
return 1;
}
-__setup("align_va_addr", control_va_addr_alignment);
+__setup("align_va_addr=", control_va_addr_alignment);
SYSCALL_DEFINE6(mmap, unsigned long, addr, unsigned long, len,
unsigned long, prot, unsigned long, flags,
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 189/452] arm64: fix types in copy_highpage()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (187 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 188/452] x86/mm: Cleanup the control_va_addr_alignment() __setup handler Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 190/452] regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET Greg Kroah-Hartman
` (268 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tong Tiangen, Mark Rutland,
Kefeng Wang, Catalin Marinas, Sasha Levin
From: Tong Tiangen <tongtiangen@huawei.com>
[ Upstream commit 921d161f15d6b090599f6a8c23f131969edbd1fa ]
In copy_highpage() the `kto` and `kfrom` local variables are pointers to
struct page, but these are used to hold arbitrary pointers to kernel memory
. Each call to page_address() returns a void pointer to memory associated
with the relevant page, and copy_page() expects void pointers to this
memory.
This inconsistency was introduced in commit 2563776b41c3 ("arm64: mte:
Tags-aware copy_{user_,}highpage() implementations") and while this
doesn't appear to be harmful in practice it is clearly wrong.
Correct this by making `kto` and `kfrom` void pointers.
Fixes: 2563776b41c3 ("arm64: mte: Tags-aware copy_{user_,}highpage() implementations")
Signed-off-by: Tong Tiangen <tongtiangen@huawei.com>
Acked-by: Mark Rutland <mark.rutland@arm.com>
Reviewed-by: Kefeng Wang <wangkefeng.wang@huawei.com>
Link: https://lore.kernel.org/r/20220420030418.3189040-3-tongtiangen@huawei.com
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/mm/copypage.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/mm/copypage.c b/arch/arm64/mm/copypage.c
index 70a71f38b6a9..24913271e898 100644
--- a/arch/arm64/mm/copypage.c
+++ b/arch/arm64/mm/copypage.c
@@ -16,8 +16,8 @@
void copy_highpage(struct page *to, struct page *from)
{
- struct page *kto = page_address(to);
- struct page *kfrom = page_address(from);
+ void *kto = page_address(to);
+ void *kfrom = page_address(from);
copy_page(kto, kfrom);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 190/452] regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (188 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 189/452] arm64: fix types in copy_highpage() Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 191/452] drm/msm/dp: fix event thread stuck in wait_event after kthread_stop() Greg Kroah-Hartman
` (267 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zev Weiss, Mark Brown, Sasha Levin
From: Zev Weiss <zev@bewilderbeest.net>
[ Upstream commit c3e3ca05dae37f8f74bb80358efd540911cbc2c8 ]
Since the introduction of regulator->enable_count, a driver that did
an exclusive get on an already-enabled regulator would end up with
enable_count initialized to 0 but rdev->use_count initialized to 1.
With that starting point the regulator is effectively stuck enabled,
because if the driver attempted to disable it it would fail the
enable_count underflow check in _regulator_handle_consumer_disable().
The EXCLUSIVE_GET path in _regulator_get() now initializes
enable_count along with rdev->use_count so that the regulator can be
disabled without underflowing the former.
Signed-off-by: Zev Weiss <zev@bewilderbeest.net>
Fixes: 5451781dadf85 ("regulator: core: Only count load for enabled consumers")
Link: https://lore.kernel.org/r/20220505043152.12933-1-zev@bewilderbeest.net
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/regulator/core.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c
index 2c48e55c4104..6e3f3511e7dd 100644
--- a/drivers/regulator/core.c
+++ b/drivers/regulator/core.c
@@ -2027,10 +2027,13 @@ struct regulator *_regulator_get(struct device *dev, const char *id,
rdev->exclusive = 1;
ret = _regulator_is_enabled(rdev);
- if (ret > 0)
+ if (ret > 0) {
rdev->use_count = 1;
- else
+ regulator->enable_count = 1;
+ } else {
rdev->use_count = 0;
+ regulator->enable_count = 0;
+ }
}
link = device_link_add(dev, &rdev->dev, DL_FLAG_STATELESS);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 191/452] drm/msm/dp: fix event thread stuck in wait_event after kthread_stop()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (189 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 190/452] regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 192/452] drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected Greg Kroah-Hartman
` (266 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dmitry Baryshkov, Kuogee Hsieh,
Stephen Boyd, Sasha Levin
From: Kuogee Hsieh <quic_khsieh@quicinc.com>
[ Upstream commit 2f9b5b3ae2eb625b75a898212a76f3b8c6d0d2b0 ]
Event thread supposed to exit from its while loop after kthread_stop().
However there may has possibility that event thread is pending in the
middle of wait_event due to condition checking never become true.
To make sure event thread exit its loop after kthread_stop(), this
patch OR kthread_should_stop() into wait_event's condition checking
so that event thread will exit its loop after kernal_stop().
Changes in v2:
-- correct spelling error at commit title
Changes in v3:
-- remove unnecessary parenthesis
-- while(1) to replace while (!kthread_should_stop())
Reported-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Fixes: 570d3e5d28db ("drm/msm/dp: stop event kernel thread when DP unbind")
Signed-off-by: Kuogee Hsieh <quic_khsieh@quicinc.com>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Reviewed-by: Stephen Boyd <swboyd@chromium.org>
Patchwork: https://patchwork.freedesktop.org/patch/484576/
Link: https://lore.kernel.org/r/1651595136-24312-1-git-send-email-quic_khsieh@quicinc.com
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/msm/dp/dp_display.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/drivers/gpu/drm/msm/dp/dp_display.c b/drivers/gpu/drm/msm/dp/dp_display.c
index 09c8e50da68d..ebd05678a27b 100644
--- a/drivers/gpu/drm/msm/dp/dp_display.c
+++ b/drivers/gpu/drm/msm/dp/dp_display.c
@@ -998,15 +998,20 @@ static int hpd_event_thread(void *data)
dp_priv = (struct dp_display_private *)data;
- while (!kthread_should_stop()) {
+ while (1) {
if (timeout_mode) {
wait_event_timeout(dp_priv->event_q,
- (dp_priv->event_pndx == dp_priv->event_gndx),
- EVENT_TIMEOUT);
+ (dp_priv->event_pndx == dp_priv->event_gndx) ||
+ kthread_should_stop(), EVENT_TIMEOUT);
} else {
wait_event_interruptible(dp_priv->event_q,
- (dp_priv->event_pndx != dp_priv->event_gndx));
+ (dp_priv->event_pndx != dp_priv->event_gndx) ||
+ kthread_should_stop());
}
+
+ if (kthread_should_stop())
+ break;
+
spin_lock_irqsave(&dp_priv->event_lock, flag);
todo = &dp_priv->event_list[dp_priv->event_gndx];
if (todo->delay) {
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 192/452] drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (190 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 191/452] drm/msm/dp: fix event thread stuck in wait_event after kthread_stop() Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 193/452] drm/msm/mdp5: Return error code in mdp5_mixer_release " Greg Kroah-Hartman
` (265 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tomeu Vizoso, Jessica Zhang,
Rob Clark, Dmitry Baryshkov, Sasha Levin
From: Jessica Zhang <quic_jesszhan@quicinc.com>
[ Upstream commit d59be579fa932c46b908f37509f319cbd4ca9a68 ]
mdp5_get_global_state runs the risk of hitting a -EDEADLK when acquiring
the modeset lock, but currently mdp5_pipe_release doesn't check for if
an error is returned. Because of this, there is a possibility of
mdp5_pipe_release hitting a NULL dereference error.
To avoid this, let's have mdp5_pipe_release check if
mdp5_get_global_state returns an error and propogate that error.
Changes since v1:
- Separated declaration and initialization of *new_state to avoid
compiler warning
- Fixed some spelling mistakes in commit message
Changes since v2:
- Return 0 in case where hwpipe is NULL as this is considered normal
behavior
- Added 2nd patch in series to fix a similar NULL dereference issue in
mdp5_mixer_release
Reported-by: Tomeu Vizoso <tomeu.vizoso@collabora.com>
Signed-off-by: Jessica Zhang <quic_jesszhan@quicinc.com>
Fixes: 7907a0d77cb4 ("drm/msm/mdp5: Use the new private_obj state")
Reviewed-by: Rob Clark <robdclark@gmail.com>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Patchwork: https://patchwork.freedesktop.org/patch/485179/
Link: https://lore.kernel.org/r/20220505214051.155-1-quic_jesszhan@quicinc.com
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/msm/disp/mdp5/mdp5_pipe.c | 15 +++++++++++----
drivers/gpu/drm/msm/disp/mdp5/mdp5_pipe.h | 2 +-
drivers/gpu/drm/msm/disp/mdp5/mdp5_plane.c | 20 ++++++++++++++++----
3 files changed, 28 insertions(+), 9 deletions(-)
diff --git a/drivers/gpu/drm/msm/disp/mdp5/mdp5_pipe.c b/drivers/gpu/drm/msm/disp/mdp5/mdp5_pipe.c
index ba6695963aa6..a4f5cb90f3e8 100644
--- a/drivers/gpu/drm/msm/disp/mdp5/mdp5_pipe.c
+++ b/drivers/gpu/drm/msm/disp/mdp5/mdp5_pipe.c
@@ -119,18 +119,23 @@ int mdp5_pipe_assign(struct drm_atomic_state *s, struct drm_plane *plane,
return 0;
}
-void mdp5_pipe_release(struct drm_atomic_state *s, struct mdp5_hw_pipe *hwpipe)
+int mdp5_pipe_release(struct drm_atomic_state *s, struct mdp5_hw_pipe *hwpipe)
{
struct msm_drm_private *priv = s->dev->dev_private;
struct mdp5_kms *mdp5_kms = to_mdp5_kms(to_mdp_kms(priv->kms));
struct mdp5_global_state *state = mdp5_get_global_state(s);
- struct mdp5_hw_pipe_state *new_state = &state->hwpipe;
+ struct mdp5_hw_pipe_state *new_state;
if (!hwpipe)
- return;
+ return 0;
+
+ if (IS_ERR(state))
+ return PTR_ERR(state);
+
+ new_state = &state->hwpipe;
if (WARN_ON(!new_state->hwpipe_to_plane[hwpipe->idx]))
- return;
+ return -EINVAL;
DBG("%s: release from plane %s", hwpipe->name,
new_state->hwpipe_to_plane[hwpipe->idx]->name);
@@ -141,6 +146,8 @@ void mdp5_pipe_release(struct drm_atomic_state *s, struct mdp5_hw_pipe *hwpipe)
}
new_state->hwpipe_to_plane[hwpipe->idx] = NULL;
+
+ return 0;
}
void mdp5_pipe_destroy(struct mdp5_hw_pipe *hwpipe)
diff --git a/drivers/gpu/drm/msm/disp/mdp5/mdp5_pipe.h b/drivers/gpu/drm/msm/disp/mdp5/mdp5_pipe.h
index 9b26d0761bd4..cca67938cab2 100644
--- a/drivers/gpu/drm/msm/disp/mdp5/mdp5_pipe.h
+++ b/drivers/gpu/drm/msm/disp/mdp5/mdp5_pipe.h
@@ -37,7 +37,7 @@ int mdp5_pipe_assign(struct drm_atomic_state *s, struct drm_plane *plane,
uint32_t caps, uint32_t blkcfg,
struct mdp5_hw_pipe **hwpipe,
struct mdp5_hw_pipe **r_hwpipe);
-void mdp5_pipe_release(struct drm_atomic_state *s, struct mdp5_hw_pipe *hwpipe);
+int mdp5_pipe_release(struct drm_atomic_state *s, struct mdp5_hw_pipe *hwpipe);
struct mdp5_hw_pipe *mdp5_pipe_init(enum mdp5_pipe pipe,
uint32_t reg_offset, uint32_t caps);
diff --git a/drivers/gpu/drm/msm/disp/mdp5/mdp5_plane.c b/drivers/gpu/drm/msm/disp/mdp5/mdp5_plane.c
index da0799333970..0dc23c86747e 100644
--- a/drivers/gpu/drm/msm/disp/mdp5/mdp5_plane.c
+++ b/drivers/gpu/drm/msm/disp/mdp5/mdp5_plane.c
@@ -393,12 +393,24 @@ static int mdp5_plane_atomic_check_with_state(struct drm_crtc_state *crtc_state,
mdp5_state->r_hwpipe = NULL;
- mdp5_pipe_release(state->state, old_hwpipe);
- mdp5_pipe_release(state->state, old_right_hwpipe);
+ ret = mdp5_pipe_release(state->state, old_hwpipe);
+ if (ret)
+ return ret;
+
+ ret = mdp5_pipe_release(state->state, old_right_hwpipe);
+ if (ret)
+ return ret;
+
}
} else {
- mdp5_pipe_release(state->state, mdp5_state->hwpipe);
- mdp5_pipe_release(state->state, mdp5_state->r_hwpipe);
+ ret = mdp5_pipe_release(state->state, mdp5_state->hwpipe);
+ if (ret)
+ return ret;
+
+ ret = mdp5_pipe_release(state->state, mdp5_state->r_hwpipe);
+ if (ret)
+ return ret;
+
mdp5_state->hwpipe = mdp5_state->r_hwpipe = NULL;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 193/452] drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (191 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 192/452] drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 194/452] drm/msm: return an error pointer in msm_gem_prime_get_sg_table() Greg Kroah-Hartman
` (264 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tomeu Vizoso, Jessica Zhang,
Rob Clark, Dmitry Baryshkov, Sasha Levin
From: Jessica Zhang <quic_jesszhan@quicinc.com>
[ Upstream commit ca75f6f7c6f89365e40f10f641b15981b1f07c31 ]
There is a possibility for mdp5_get_global_state to return
-EDEADLK when acquiring the modeset lock, but currently global_state in
mdp5_mixer_release doesn't check for if an error is returned.
To avoid a NULL dereference error, let's have mdp5_mixer_release
check if an error is returned and propagate that error.
Reported-by: Tomeu Vizoso <tomeu.vizoso@collabora.com>
Signed-off-by: Jessica Zhang <quic_jesszhan@quicinc.com>
Fixes: 7907a0d77cb4 ("drm/msm/mdp5: Use the new private_obj state")
Reviewed-by: Rob Clark <robdclark@gmail.com>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Patchwork: https://patchwork.freedesktop.org/patch/485181/
Link: https://lore.kernel.org/r/20220505214051.155-2-quic_jesszhan@quicinc.com
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/msm/disp/mdp5/mdp5_crtc.c | 10 ++++++++--
drivers/gpu/drm/msm/disp/mdp5/mdp5_mixer.c | 15 +++++++++++----
drivers/gpu/drm/msm/disp/mdp5/mdp5_mixer.h | 4 ++--
3 files changed, 21 insertions(+), 8 deletions(-)
diff --git a/drivers/gpu/drm/msm/disp/mdp5/mdp5_crtc.c b/drivers/gpu/drm/msm/disp/mdp5/mdp5_crtc.c
index a8fa084dfa49..06f19ef5dbf3 100644
--- a/drivers/gpu/drm/msm/disp/mdp5/mdp5_crtc.c
+++ b/drivers/gpu/drm/msm/disp/mdp5/mdp5_crtc.c
@@ -608,9 +608,15 @@ int mdp5_crtc_setup_pipeline(struct drm_crtc *crtc,
if (ret)
return ret;
- mdp5_mixer_release(new_crtc_state->state, old_mixer);
+ ret = mdp5_mixer_release(new_crtc_state->state, old_mixer);
+ if (ret)
+ return ret;
+
if (old_r_mixer) {
- mdp5_mixer_release(new_crtc_state->state, old_r_mixer);
+ ret = mdp5_mixer_release(new_crtc_state->state, old_r_mixer);
+ if (ret)
+ return ret;
+
if (!need_right_mixer)
pipeline->r_mixer = NULL;
}
diff --git a/drivers/gpu/drm/msm/disp/mdp5/mdp5_mixer.c b/drivers/gpu/drm/msm/disp/mdp5/mdp5_mixer.c
index 954db683ae44..2536def2a000 100644
--- a/drivers/gpu/drm/msm/disp/mdp5/mdp5_mixer.c
+++ b/drivers/gpu/drm/msm/disp/mdp5/mdp5_mixer.c
@@ -116,21 +116,28 @@ int mdp5_mixer_assign(struct drm_atomic_state *s, struct drm_crtc *crtc,
return 0;
}
-void mdp5_mixer_release(struct drm_atomic_state *s, struct mdp5_hw_mixer *mixer)
+int mdp5_mixer_release(struct drm_atomic_state *s, struct mdp5_hw_mixer *mixer)
{
struct mdp5_global_state *global_state = mdp5_get_global_state(s);
- struct mdp5_hw_mixer_state *new_state = &global_state->hwmixer;
+ struct mdp5_hw_mixer_state *new_state;
if (!mixer)
- return;
+ return 0;
+
+ if (IS_ERR(global_state))
+ return PTR_ERR(global_state);
+
+ new_state = &global_state->hwmixer;
if (WARN_ON(!new_state->hwmixer_to_crtc[mixer->idx]))
- return;
+ return -EINVAL;
DBG("%s: release from crtc %s", mixer->name,
new_state->hwmixer_to_crtc[mixer->idx]->name);
new_state->hwmixer_to_crtc[mixer->idx] = NULL;
+
+ return 0;
}
void mdp5_mixer_destroy(struct mdp5_hw_mixer *mixer)
diff --git a/drivers/gpu/drm/msm/disp/mdp5/mdp5_mixer.h b/drivers/gpu/drm/msm/disp/mdp5/mdp5_mixer.h
index 43c9ba43ce18..545ee223b9d7 100644
--- a/drivers/gpu/drm/msm/disp/mdp5/mdp5_mixer.h
+++ b/drivers/gpu/drm/msm/disp/mdp5/mdp5_mixer.h
@@ -30,7 +30,7 @@ void mdp5_mixer_destroy(struct mdp5_hw_mixer *lm);
int mdp5_mixer_assign(struct drm_atomic_state *s, struct drm_crtc *crtc,
uint32_t caps, struct mdp5_hw_mixer **mixer,
struct mdp5_hw_mixer **r_mixer);
-void mdp5_mixer_release(struct drm_atomic_state *s,
- struct mdp5_hw_mixer *mixer);
+int mdp5_mixer_release(struct drm_atomic_state *s,
+ struct mdp5_hw_mixer *mixer);
#endif /* __MDP5_LM_H__ */
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 194/452] drm/msm: return an error pointer in msm_gem_prime_get_sg_table()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (192 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 193/452] drm/msm/mdp5: Return error code in mdp5_mixer_release " Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 195/452] media: uvcvideo: Fix missing check to determine if element is found in list Greg Kroah-Hartman
` (263 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Dmitry Baryshkov, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit cf575e31611eb6dccf08fad02e57e35b2187704d ]
The msm_gem_prime_get_sg_table() needs to return error pointers on
error. This is called from drm_gem_map_dma_buf() and returning a
NULL will lead to a crash in that function.
Fixes: ac45146733b0 ("drm/msm: fix msm_gem_prime_get_sg_table()")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Patchwork: https://patchwork.freedesktop.org/patch/485023/
Link: https://lore.kernel.org/r/YnOmtS5tfENywR9m@kili
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/msm/msm_gem_prime.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/msm/msm_gem_prime.c b/drivers/gpu/drm/msm/msm_gem_prime.c
index 515ef80816a0..8c64ce7288f1 100644
--- a/drivers/gpu/drm/msm/msm_gem_prime.c
+++ b/drivers/gpu/drm/msm/msm_gem_prime.c
@@ -17,7 +17,7 @@ struct sg_table *msm_gem_prime_get_sg_table(struct drm_gem_object *obj)
int npages = obj->size >> PAGE_SHIFT;
if (WARN_ON(!msm_obj->pages)) /* should have already pinned! */
- return NULL;
+ return ERR_PTR(-ENOMEM);
return drm_prime_pages_to_sg(obj->dev, msm_obj->pages, npages);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 195/452] media: uvcvideo: Fix missing check to determine if element is found in list
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (193 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 194/452] drm/msm: return an error pointer in msm_gem_prime_get_sg_table() Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 196/452] iomap: iomap_write_failed fix Greg Kroah-Hartman
` (262 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Xiaomeng Tong, Laurent Pinchart,
Mauro Carvalho Chehab, Sasha Levin
From: Xiaomeng Tong <xiam0nd.tong@gmail.com>
[ Upstream commit 261f33388c29f6f3c12a724e6d89172b7f6d5996 ]
The list iterator will point to a bogus position containing HEAD if
the list is empty or the element is not found in list. This case
should be checked before any use of the iterator, otherwise it will
lead to a invalid memory access. The missing check here is before
"pin = iterm->id;", just add check here to fix the security bug.
In addition, the list iterator value will *always* be set and non-NULL
by list_for_each_entry(), so it is incorrect to assume that the iterator
value will be NULL if the element is not found in list, considering
the (mis)use here: "if (iterm == NULL".
Use a new value 'it' as the list iterator, while use the old value
'iterm' as a dedicated pointer to point to the found element, which
1. can fix this bug, due to 'iterm' is NULL only if it's not found.
2. do not need to change all the uses of 'iterm' after the loop.
3. can also limit the scope of the list iterator 'it' *only inside*
the traversal loop by simply declaring 'it' inside the loop in the
future, as usage of the iterator outside of the list_for_each_entry
is considered harmful. https://lkml.org/lkml/2022/2/17/1032
Fixes: d5e90b7a6cd1c ("[media] uvcvideo: Move to video_ioctl2")
Signed-off-by: Xiaomeng Tong <xiam0nd.tong@gmail.com>
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/usb/uvc/uvc_v4l2.c | 20 +++++++++++---------
1 file changed, 11 insertions(+), 9 deletions(-)
diff --git a/drivers/media/usb/uvc/uvc_v4l2.c b/drivers/media/usb/uvc/uvc_v4l2.c
index 753b8a99e08f..b40a2b904ace 100644
--- a/drivers/media/usb/uvc/uvc_v4l2.c
+++ b/drivers/media/usb/uvc/uvc_v4l2.c
@@ -863,29 +863,31 @@ static int uvc_ioctl_enum_input(struct file *file, void *fh,
struct uvc_video_chain *chain = handle->chain;
const struct uvc_entity *selector = chain->selector;
struct uvc_entity *iterm = NULL;
+ struct uvc_entity *it;
u32 index = input->index;
- int pin = 0;
if (selector == NULL ||
(chain->dev->quirks & UVC_QUIRK_IGNORE_SELECTOR_UNIT)) {
if (index != 0)
return -EINVAL;
- list_for_each_entry(iterm, &chain->entities, chain) {
- if (UVC_ENTITY_IS_ITERM(iterm))
+ list_for_each_entry(it, &chain->entities, chain) {
+ if (UVC_ENTITY_IS_ITERM(it)) {
+ iterm = it;
break;
+ }
}
- pin = iterm->id;
} else if (index < selector->bNrInPins) {
- pin = selector->baSourceID[index];
- list_for_each_entry(iterm, &chain->entities, chain) {
- if (!UVC_ENTITY_IS_ITERM(iterm))
+ list_for_each_entry(it, &chain->entities, chain) {
+ if (!UVC_ENTITY_IS_ITERM(it))
continue;
- if (iterm->id == pin)
+ if (it->id == selector->baSourceID[index]) {
+ iterm = it;
break;
+ }
}
}
- if (iterm == NULL || iterm->id != pin)
+ if (iterm == NULL)
return -EINVAL;
memset(input, 0, sizeof(*input));
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 196/452] iomap: iomap_write_failed fix
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (194 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 195/452] media: uvcvideo: Fix missing check to determine if element is found in list Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 197/452] spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname() Greg Kroah-Hartman
` (261 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andreas Gruenbacher, Darrick J. Wong,
Sasha Levin
From: Andreas Gruenbacher <agruenba@redhat.com>
[ Upstream commit b71450e2cc4b3c79f33c5bd276d152af9bd54f79 ]
The @lend parameter of truncate_pagecache_range() should be the offset
of the last byte of the hole, not the first byte beyond it.
Fixes: ae259a9c8593 ("fs: introduce iomap infrastructure")
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/iomap/buffered-io.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fs/iomap/buffered-io.c b/fs/iomap/buffered-io.c
index cd9f7baa5bb7..dd33b31b0a82 100644
--- a/fs/iomap/buffered-io.c
+++ b/fs/iomap/buffered-io.c
@@ -528,7 +528,8 @@ iomap_write_failed(struct inode *inode, loff_t pos, unsigned len)
* write started inside the existing inode size.
*/
if (pos + len > i_size)
- truncate_pagecache_range(inode, max(pos, i_size), pos + len);
+ truncate_pagecache_range(inode, max(pos, i_size),
+ pos + len - 1);
}
static int
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 197/452] spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (195 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 196/452] iomap: iomap_write_failed fix Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 198/452] Revert "cpufreq: Fix possible race in cpufreq online error path" Greg Kroah-Hartman
` (260 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yang Yingliang, Mark Brown, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit a2b331ac11e1cac56f5b7d367e9f3c5796deaaed ]
It will cause null-ptr-deref if platform_get_resource_byname() returns NULL,
we need check the return value.
Fixes: 858e26a515c2 ("spi: spi-fsl-qspi: Reduce devm_ioremap size to 4 times AHB buffer size")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Link: https://lore.kernel.org/r/20220505093954.1285615-1-yangyingliang@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-fsl-qspi.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/spi/spi-fsl-qspi.c b/drivers/spi/spi-fsl-qspi.c
index 9851551ebbe0..46ae46a944c5 100644
--- a/drivers/spi/spi-fsl-qspi.c
+++ b/drivers/spi/spi-fsl-qspi.c
@@ -876,6 +876,10 @@ static int fsl_qspi_probe(struct platform_device *pdev)
res = platform_get_resource_byname(pdev, IORESOURCE_MEM,
"QuadSPI-memory");
+ if (!res) {
+ ret = -EINVAL;
+ goto err_put_ctrl;
+ }
q->memmap_phy = res->start;
/* Since there are 4 cs, map size required is 4 times ahb_buf_size */
q->ahb_addr = devm_ioremap(dev, q->memmap_phy,
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 198/452] Revert "cpufreq: Fix possible race in cpufreq online error path"
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (196 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 197/452] spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname() Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 199/452] regulator: qcom_smd: Fix up PM8950 regulator configuration Greg Kroah-Hartman
` (259 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Viresh Kumar, Rafael J. Wysocki, Sasha Levin
From: Viresh Kumar <viresh.kumar@linaro.org>
[ Upstream commit 85f0e42bd65d01b351d561efb38e584d4c596553 ]
This reverts commit f346e96267cd76175d6c201b40f770c0116a8a04.
The commit tried to fix a possible real bug but it made it even worse.
The fix was simply buggy as now an error out to out_offline_policy or
out_exit_policy will try to release a semaphore which was never taken in
the first place. This works fine only if we failed late, i.e. via
out_destroy_policy.
Fixes: f346e96267cd ("cpufreq: Fix possible race in cpufreq online error path")
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/cpufreq/cpufreq.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c
index 3540ea93b6f1..30dafe8fc505 100644
--- a/drivers/cpufreq/cpufreq.c
+++ b/drivers/cpufreq/cpufreq.c
@@ -1515,6 +1515,8 @@ static int cpufreq_online(unsigned int cpu)
for_each_cpu(j, policy->real_cpus)
remove_cpu_dev_symlink(policy, get_cpu_device(j));
+ up_write(&policy->rwsem);
+
out_offline_policy:
if (cpufreq_driver->offline)
cpufreq_driver->offline(policy);
@@ -1523,9 +1525,6 @@ static int cpufreq_online(unsigned int cpu)
if (cpufreq_driver->exit)
cpufreq_driver->exit(policy);
- cpumask_clear(policy->cpus);
- up_write(&policy->rwsem);
-
out_free_policy:
cpufreq_policy_free(policy);
return ret;
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 199/452] regulator: qcom_smd: Fix up PM8950 regulator configuration
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (197 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 198/452] Revert "cpufreq: Fix possible race in cpufreq online error path" Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 200/452] perf/amd/ibs: Use interrupt regs ip for stack unwinding Greg Kroah-Hartman
` (258 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Konrad Dybcio, Mark Brown, Sasha Levin
From: Konrad Dybcio <konrad.dybcio@somainline.org>
[ Upstream commit b11b3d21a94d66bc05d1142e0b210bfa316c62be ]
Following changes have been made:
- S5, L4, L18, L20 and L21 were removed (S5 is managed by
SPMI, whereas the rest seems not to exist [or at least it's blocked
by Sony Loire /MSM8956/ RPM firmware])
- Supply maps have were adjusted to reflect regulator changes.
Fixes: e44adca5fa25 ("regulator: qcom_smd: Add PM8950 regulators")
Signed-off-by: Konrad Dybcio <konrad.dybcio@somainline.org>
Link: https://lore.kernel.org/r/20220430163753.609909-1-konrad.dybcio@somainline.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/regulator/qcom_smd-regulator.c | 35 +++++++++++++-------------
1 file changed, 17 insertions(+), 18 deletions(-)
diff --git a/drivers/regulator/qcom_smd-regulator.c b/drivers/regulator/qcom_smd-regulator.c
index 8d784a2a09d8..05d227f9d2f2 100644
--- a/drivers/regulator/qcom_smd-regulator.c
+++ b/drivers/regulator/qcom_smd-regulator.c
@@ -844,32 +844,31 @@ static const struct rpm_regulator_data rpm_pm8950_regulators[] = {
{ "s2", QCOM_SMD_RPM_SMPA, 2, &pm8950_hfsmps, "vdd_s2" },
{ "s3", QCOM_SMD_RPM_SMPA, 3, &pm8950_hfsmps, "vdd_s3" },
{ "s4", QCOM_SMD_RPM_SMPA, 4, &pm8950_hfsmps, "vdd_s4" },
- { "s5", QCOM_SMD_RPM_SMPA, 5, &pm8950_ftsmps2p5, "vdd_s5" },
+ /* S5 is managed via SPMI. */
{ "s6", QCOM_SMD_RPM_SMPA, 6, &pm8950_hfsmps, "vdd_s6" },
{ "l1", QCOM_SMD_RPM_LDOA, 1, &pm8950_ult_nldo, "vdd_l1_l19" },
{ "l2", QCOM_SMD_RPM_LDOA, 2, &pm8950_ult_nldo, "vdd_l2_l23" },
{ "l3", QCOM_SMD_RPM_LDOA, 3, &pm8950_ult_nldo, "vdd_l3" },
- { "l4", QCOM_SMD_RPM_LDOA, 4, &pm8950_ult_pldo, "vdd_l4_l5_l6_l7_l16" },
- { "l5", QCOM_SMD_RPM_LDOA, 5, &pm8950_pldo_lv, "vdd_l4_l5_l6_l7_l16" },
- { "l6", QCOM_SMD_RPM_LDOA, 6, &pm8950_pldo_lv, "vdd_l4_l5_l6_l7_l16" },
- { "l7", QCOM_SMD_RPM_LDOA, 7, &pm8950_pldo_lv, "vdd_l4_l5_l6_l7_l16" },
+ /* L4 seems not to exist. */
+ { "l5", QCOM_SMD_RPM_LDOA, 5, &pm8950_pldo_lv, "vdd_l5_l6_l7_l16" },
+ { "l6", QCOM_SMD_RPM_LDOA, 6, &pm8950_pldo_lv, "vdd_l5_l6_l7_l16" },
+ { "l7", QCOM_SMD_RPM_LDOA, 7, &pm8950_pldo_lv, "vdd_l5_l6_l7_l16" },
{ "l8", QCOM_SMD_RPM_LDOA, 8, &pm8950_ult_pldo, "vdd_l8_l11_l12_l17_l22" },
{ "l9", QCOM_SMD_RPM_LDOA, 9, &pm8950_ult_pldo, "vdd_l9_l10_l13_l14_l15_l18" },
{ "l10", QCOM_SMD_RPM_LDOA, 10, &pm8950_ult_nldo, "vdd_l9_l10_l13_l14_l15_l18"},
- { "l11", QCOM_SMD_RPM_LDOA, 11, &pm8950_ult_pldo, "vdd_l8_l11_l12_l17_l22"},
- { "l12", QCOM_SMD_RPM_LDOA, 12, &pm8950_ult_pldo, "vdd_l8_l11_l12_l17_l22"},
- { "l13", QCOM_SMD_RPM_LDOA, 13, &pm8950_ult_pldo, "vdd_l9_l10_l13_l14_l15_l18"},
- { "l14", QCOM_SMD_RPM_LDOA, 14, &pm8950_ult_pldo, "vdd_l9_l10_l13_l14_l15_l18"},
- { "l15", QCOM_SMD_RPM_LDOA, 15, &pm8950_ult_pldo, "vdd_l9_l10_l13_l14_l15_l18"},
- { "l16", QCOM_SMD_RPM_LDOA, 16, &pm8950_ult_pldo, "vdd_l4_l5_l6_l7_l16"},
- { "l17", QCOM_SMD_RPM_LDOA, 17, &pm8950_ult_pldo, "vdd_l8_l11_l12_l17_l22"},
- { "l18", QCOM_SMD_RPM_LDOA, 18, &pm8950_ult_pldo, "vdd_l9_l10_l13_l14_l15_l18"},
- { "l19", QCOM_SMD_RPM_LDOA, 18, &pm8950_pldo, "vdd_l1_l19"},
- { "l20", QCOM_SMD_RPM_LDOA, 18, &pm8950_pldo, "vdd_l20"},
- { "l21", QCOM_SMD_RPM_LDOA, 18, &pm8950_pldo, "vdd_l21"},
- { "l22", QCOM_SMD_RPM_LDOA, 18, &pm8950_pldo, "vdd_l8_l11_l12_l17_l22"},
- { "l23", QCOM_SMD_RPM_LDOA, 18, &pm8950_pldo, "vdd_l2_l23"},
+ { "l11", QCOM_SMD_RPM_LDOA, 11, &pm8950_ult_pldo, "vdd_l8_l11_l12_l17_l22" },
+ { "l12", QCOM_SMD_RPM_LDOA, 12, &pm8950_ult_pldo, "vdd_l8_l11_l12_l17_l22" },
+ { "l13", QCOM_SMD_RPM_LDOA, 13, &pm8950_ult_pldo, "vdd_l9_l10_l13_l14_l15_l18" },
+ { "l14", QCOM_SMD_RPM_LDOA, 14, &pm8950_ult_pldo, "vdd_l9_l10_l13_l14_l15_l18" },
+ { "l15", QCOM_SMD_RPM_LDOA, 15, &pm8950_ult_pldo, "vdd_l9_l10_l13_l14_l15_l18" },
+ { "l16", QCOM_SMD_RPM_LDOA, 16, &pm8950_ult_pldo, "vdd_l5_l6_l7_l16" },
+ { "l17", QCOM_SMD_RPM_LDOA, 17, &pm8950_ult_pldo, "vdd_l8_l11_l12_l17_l22" },
+ /* L18 seems not to exist. */
+ { "l19", QCOM_SMD_RPM_LDOA, 19, &pm8950_pldo, "vdd_l1_l19" },
+ /* L20 & L21 seem not to exist. */
+ { "l22", QCOM_SMD_RPM_LDOA, 22, &pm8950_pldo, "vdd_l8_l11_l12_l17_l22" },
+ { "l23", QCOM_SMD_RPM_LDOA, 23, &pm8950_pldo, "vdd_l2_l23" },
{}
};
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 200/452] perf/amd/ibs: Use interrupt regs ip for stack unwinding
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (198 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 199/452] regulator: qcom_smd: Fix up PM8950 regulator configuration Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 201/452] ath11k: Dont check arvif->is_started before sending management frames Greg Kroah-Hartman
` (257 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dmitry Monakhov, Peter Zijlstra,
Ravi Bangoria, Sasha Levin
From: Ravi Bangoria <ravi.bangoria@amd.com>
[ Upstream commit 3d47083b9ff46863e8374ad3bb5edb5e464c75f8 ]
IbsOpRip is recorded when IBS interrupt is triggered. But there is
a skid from the time IBS interrupt gets triggered to the time the
interrupt is presented to the core. Meanwhile processor would have
moved ahead and thus IbsOpRip will be inconsistent with rsp and rbp
recorded as part of the interrupt regs. This causes issues while
unwinding stack using the ORC unwinder as it needs consistent rip,
rsp and rbp. Fix this by using rip from interrupt regs instead of
IbsOpRip for stack unwinding.
Fixes: ee9f8fce99640 ("x86/unwind: Add the ORC unwinder")
Reported-by: Dmitry Monakhov <dmtrmonakhov@yandex-team.ru>
Suggested-by: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Ravi Bangoria <ravi.bangoria@amd.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lkml.kernel.org/r/20220429051441.14251-1-ravi.bangoria@amd.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/events/amd/ibs.c | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/arch/x86/events/amd/ibs.c b/arch/x86/events/amd/ibs.c
index 780d89d2ae32..8a85658a24cc 100644
--- a/arch/x86/events/amd/ibs.c
+++ b/arch/x86/events/amd/ibs.c
@@ -312,6 +312,16 @@ static int perf_ibs_init(struct perf_event *event)
hwc->config_base = perf_ibs->msr;
hwc->config = config;
+ /*
+ * rip recorded by IbsOpRip will not be consistent with rsp and rbp
+ * recorded as part of interrupt regs. Thus we need to use rip from
+ * interrupt regs while unwinding call stack. Setting _EARLY flag
+ * makes sure we unwind call-stack before perf sample rip is set to
+ * IbsOpRip.
+ */
+ if (event->attr.sample_type & PERF_SAMPLE_CALLCHAIN)
+ event->attr.sample_type |= __PERF_SAMPLE_CALLCHAIN_EARLY;
+
return 0;
}
@@ -692,6 +702,14 @@ static int perf_ibs_handle_irq(struct perf_ibs *perf_ibs, struct pt_regs *iregs)
data.raw = &raw;
}
+ /*
+ * rip recorded by IbsOpRip will not be consistent with rsp and rbp
+ * recorded as part of interrupt regs. Thus we need to use rip from
+ * interrupt regs while unwinding call stack.
+ */
+ if (event->attr.sample_type & PERF_SAMPLE_CALLCHAIN)
+ data.callchain = perf_callchain(event, iregs);
+
throttle = perf_event_overflow(event, &data, ®s);
out:
if (throttle) {
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 201/452] ath11k: Dont check arvif->is_started before sending management frames
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (199 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 200/452] perf/amd/ibs: Use interrupt regs ip for stack unwinding Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 202/452] ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe Greg Kroah-Hartman
` (256 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Baochen Qiang, Kalle Valo, Sasha Levin
From: Baochen Qiang <quic_bqiang@quicinc.com>
[ Upstream commit 355333a217541916576351446b5832fec7930566 ]
Commit 66307ca04057 ("ath11k: fix mgmt_tx_wmi cmd sent to FW for
deleted vdev") wants both of below two conditions are true before
sending management frames:
1: ar->allocated_vdev_map & (1LL << arvif->vdev_id)
2: arvif->is_started
Actually the second one is not necessary because with the first one
we can make sure the vdev is present.
Also use ar->conf_mutex to synchronize vdev delete and mgmt. TX.
This issue is found in case of Passpoint scenario where ath11k
needs to send action frames before vdev is started.
Fix it by removing the second condition.
Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-01720.1-QCAHSPSWPL_V1_V2_SILICONZ_LITE-1
Fixes: 66307ca04057 ("ath11k: fix mgmt_tx_wmi cmd sent to FW for deleted vdev")
Signed-off-by: Baochen Qiang <quic_bqiang@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20220506013614.1580274-3-quic_bqiang@quicinc.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath11k/mac.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/ath/ath11k/mac.c b/drivers/net/wireless/ath/ath11k/mac.c
index b2928a5cf72e..44282aec069d 100644
--- a/drivers/net/wireless/ath/ath11k/mac.c
+++ b/drivers/net/wireless/ath/ath11k/mac.c
@@ -4008,8 +4008,8 @@ static void ath11k_mgmt_over_wmi_tx_work(struct work_struct *work)
}
arvif = ath11k_vif_to_arvif(skb_cb->vif);
- if (ar->allocated_vdev_map & (1LL << arvif->vdev_id) &&
- arvif->is_started) {
+ mutex_lock(&ar->conf_mutex);
+ if (ar->allocated_vdev_map & (1LL << arvif->vdev_id)) {
ret = ath11k_mac_mgmt_tx_wmi(ar, arvif, skb);
if (ret) {
ath11k_warn(ar->ab, "failed to tx mgmt frame, vdev_id %d :%d\n",
@@ -4025,6 +4025,7 @@ static void ath11k_mgmt_over_wmi_tx_work(struct work_struct *work)
arvif->is_started);
ieee80211_free_txskb(ar->hw, skb);
}
+ mutex_unlock(&ar->conf_mutex);
}
}
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 202/452] ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (200 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 201/452] ath11k: Dont check arvif->is_started before sending management frames Greg Kroah-Hartman
@ 2022-06-07 17:00 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 203/452] ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe Greg Kroah-Hartman
` (255 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:00 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Fabio Estevam,
Mark Brown, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 41cd312dfe980af869c3503b4d38e62ed20dd3b7 ]
of_find_i2c_device_by_node() takes a reference,
In error paths, we should call put_device() to drop
the reference to aviod refount leak.
Fixes: 81e8e4926167 ("ASoC: fsl: add sgtl5000 clock support for imx-sgtl5000")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
Link: https://lore.kernel.org/r/20220511065803.3957-1-linmq006@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/fsl/imx-sgtl5000.c | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/sound/soc/fsl/imx-sgtl5000.c b/sound/soc/fsl/imx-sgtl5000.c
index f45cb4bbb6c4..5997bb5acb73 100644
--- a/sound/soc/fsl/imx-sgtl5000.c
+++ b/sound/soc/fsl/imx-sgtl5000.c
@@ -120,19 +120,19 @@ static int imx_sgtl5000_probe(struct platform_device *pdev)
data = devm_kzalloc(&pdev->dev, sizeof(*data), GFP_KERNEL);
if (!data) {
ret = -ENOMEM;
- goto fail;
+ goto put_device;
}
comp = devm_kzalloc(&pdev->dev, 3 * sizeof(*comp), GFP_KERNEL);
if (!comp) {
ret = -ENOMEM;
- goto fail;
+ goto put_device;
}
data->codec_clk = clk_get(&codec_dev->dev, NULL);
if (IS_ERR(data->codec_clk)) {
ret = PTR_ERR(data->codec_clk);
- goto fail;
+ goto put_device;
}
data->clk_frequency = clk_get_rate(data->codec_clk);
@@ -158,10 +158,10 @@ static int imx_sgtl5000_probe(struct platform_device *pdev)
data->card.dev = &pdev->dev;
ret = snd_soc_of_parse_card_name(&data->card, "model");
if (ret)
- goto fail;
+ goto put_device;
ret = snd_soc_of_parse_audio_routing(&data->card, "audio-routing");
if (ret)
- goto fail;
+ goto put_device;
data->card.num_links = 1;
data->card.owner = THIS_MODULE;
data->card.dai_link = &data->dai;
@@ -176,7 +176,7 @@ static int imx_sgtl5000_probe(struct platform_device *pdev)
if (ret != -EPROBE_DEFER)
dev_err(&pdev->dev, "snd_soc_register_card failed (%d)\n",
ret);
- goto fail;
+ goto put_device;
}
of_node_put(ssi_np);
@@ -184,6 +184,8 @@ static int imx_sgtl5000_probe(struct platform_device *pdev)
return 0;
+put_device:
+ put_device(&codec_dev->dev);
fail:
if (data && !IS_ERR(data->codec_clk))
clk_put(data->codec_clk);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 203/452] ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (201 preceding siblings ...)
2022-06-07 17:00 ` [PATCH 5.10 202/452] ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 204/452] regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt Greg Kroah-Hartman
` (254 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Mark Brown, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 2be84f73785fa9ed6443e3c5b158730266f1c2ee ]
of_parse_phandle() returns a node pointer with refcount
incremented, we should use of_node_put() on it when done.
Fixes: 08641c7c74dd ("ASoC: mxs: add device tree support for mxs-saif")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Link: https://lore.kernel.org/r/20220511133725.39039-1-linmq006@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/mxs/mxs-saif.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/sound/soc/mxs/mxs-saif.c b/sound/soc/mxs/mxs-saif.c
index f2eda81985e2..d87ac26999cf 100644
--- a/sound/soc/mxs/mxs-saif.c
+++ b/sound/soc/mxs/mxs-saif.c
@@ -764,6 +764,7 @@ static int mxs_saif_probe(struct platform_device *pdev)
saif->master_id = saif->id;
} else {
ret = of_alias_get_id(master, "saif");
+ of_node_put(master);
if (ret < 0)
return ret;
else
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 204/452] regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (202 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 203/452] ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 205/452] ASoC: samsung: Use dev_err_probe() helper Greg Kroah-Hartman
` (253 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Mark Brown, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit afaa7b933ef00a2d3262f4d1252087613fb5c06d ]
of_node_get() returns a node with refcount incremented.
Calling of_node_put() to drop the reference when not needed anymore.
Fixes: 3784b6d64dc5 ("regulator: pfuze100: add pfuze100 regulator driver")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Link: https://lore.kernel.org/r/20220511113506.45185-1-linmq006@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/regulator/pfuze100-regulator.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/regulator/pfuze100-regulator.c b/drivers/regulator/pfuze100-regulator.c
index 01a12cfcea7c..0a19500d3725 100644
--- a/drivers/regulator/pfuze100-regulator.c
+++ b/drivers/regulator/pfuze100-regulator.c
@@ -531,6 +531,7 @@ static int pfuze_parse_regulators_dt(struct pfuze_chip *chip)
parent = of_get_child_by_name(np, "regulators");
if (!parent) {
dev_err(dev, "regulators node not found\n");
+ of_node_put(np);
return -EINVAL;
}
@@ -560,6 +561,7 @@ static int pfuze_parse_regulators_dt(struct pfuze_chip *chip)
}
of_node_put(parent);
+ of_node_put(np);
if (ret < 0) {
dev_err(dev, "Error parsing regulator init data: %d\n",
ret);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 205/452] ASoC: samsung: Use dev_err_probe() helper
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (203 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 204/452] regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 206/452] ASoC: samsung: Fix refcount leak in aries_audio_probe Greg Kroah-Hartman
` (252 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kuninori Morimoto, Mark Brown, Sasha Levin
From: Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>
[ Upstream commit 27c6eaebcf75e4fac145d17c7fa76bc64b60d24c ]
Use the dev_err_probe() helper, instead of open-coding the same
operation.
Signed-off-by: Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>
Link: https://lore.kernel.org/r/20211214020843.2225831-21-kuninori.morimoto.gx@renesas.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/samsung/aries_wm8994.c | 17 +++++++----------
sound/soc/samsung/arndale.c | 5 ++---
sound/soc/samsung/littlemill.c | 5 ++---
sound/soc/samsung/lowland.c | 5 ++---
sound/soc/samsung/odroid.c | 4 +---
sound/soc/samsung/smdk_wm8994.c | 4 ++--
sound/soc/samsung/smdk_wm8994pcm.c | 4 ++--
sound/soc/samsung/snow.c | 9 +++------
sound/soc/samsung/speyside.c | 5 ++---
sound/soc/samsung/tm2_wm5110.c | 3 +--
sound/soc/samsung/tobermory.c | 5 ++---
11 files changed, 26 insertions(+), 40 deletions(-)
diff --git a/sound/soc/samsung/aries_wm8994.c b/sound/soc/samsung/aries_wm8994.c
index 0ac5956ba270..709336bbcc2f 100644
--- a/sound/soc/samsung/aries_wm8994.c
+++ b/sound/soc/samsung/aries_wm8994.c
@@ -585,19 +585,16 @@ static int aries_audio_probe(struct platform_device *pdev)
extcon_np = of_parse_phandle(np, "extcon", 0);
priv->usb_extcon = extcon_find_edev_by_node(extcon_np);
- if (IS_ERR(priv->usb_extcon)) {
- if (PTR_ERR(priv->usb_extcon) != -EPROBE_DEFER)
- dev_err(dev, "Failed to get extcon device");
- return PTR_ERR(priv->usb_extcon);
- }
+ if (IS_ERR(priv->usb_extcon))
+ return dev_err_probe(dev, PTR_ERR(priv->usb_extcon),
+ "Failed to get extcon device");
of_node_put(extcon_np);
priv->adc = devm_iio_channel_get(dev, "headset-detect");
- if (IS_ERR(priv->adc)) {
- if (PTR_ERR(priv->adc) != -EPROBE_DEFER)
- dev_err(dev, "Failed to get ADC channel");
- return PTR_ERR(priv->adc);
- }
+ if (IS_ERR(priv->adc))
+ return dev_err_probe(dev, PTR_ERR(priv->adc),
+ "Failed to get ADC channel");
+
if (priv->adc->channel->type != IIO_VOLTAGE)
return -EINVAL;
diff --git a/sound/soc/samsung/arndale.c b/sound/soc/samsung/arndale.c
index 28587375813a..35e34e534b8b 100644
--- a/sound/soc/samsung/arndale.c
+++ b/sound/soc/samsung/arndale.c
@@ -174,9 +174,8 @@ static int arndale_audio_probe(struct platform_device *pdev)
ret = devm_snd_soc_register_card(card->dev, card);
if (ret) {
- if (ret != -EPROBE_DEFER)
- dev_err(&pdev->dev,
- "snd_soc_register_card() failed: %d\n", ret);
+ dev_err_probe(&pdev->dev, ret,
+ "snd_soc_register_card() failed\n");
goto err_put_of_nodes;
}
return 0;
diff --git a/sound/soc/samsung/littlemill.c b/sound/soc/samsung/littlemill.c
index a1ff1400857e..e73356a66087 100644
--- a/sound/soc/samsung/littlemill.c
+++ b/sound/soc/samsung/littlemill.c
@@ -325,9 +325,8 @@ static int littlemill_probe(struct platform_device *pdev)
card->dev = &pdev->dev;
ret = devm_snd_soc_register_card(&pdev->dev, card);
- if (ret && ret != -EPROBE_DEFER)
- dev_err(&pdev->dev, "snd_soc_register_card() failed: %d\n",
- ret);
+ if (ret)
+ dev_err_probe(&pdev->dev, ret, "snd_soc_register_card() failed\n");
return ret;
}
diff --git a/sound/soc/samsung/lowland.c b/sound/soc/samsung/lowland.c
index 998d10cf8c94..7b12ccd2a9b2 100644
--- a/sound/soc/samsung/lowland.c
+++ b/sound/soc/samsung/lowland.c
@@ -183,9 +183,8 @@ static int lowland_probe(struct platform_device *pdev)
card->dev = &pdev->dev;
ret = devm_snd_soc_register_card(&pdev->dev, card);
- if (ret && ret != -EPROBE_DEFER)
- dev_err(&pdev->dev, "snd_soc_register_card() failed: %d\n",
- ret);
+ if (ret)
+ dev_err_probe(&pdev->dev, ret, "snd_soc_register_card() failed\n");
return ret;
}
diff --git a/sound/soc/samsung/odroid.c b/sound/soc/samsung/odroid.c
index ca643a488c3c..4ff12e2e704f 100644
--- a/sound/soc/samsung/odroid.c
+++ b/sound/soc/samsung/odroid.c
@@ -311,9 +311,7 @@ static int odroid_audio_probe(struct platform_device *pdev)
ret = devm_snd_soc_register_card(dev, card);
if (ret < 0) {
- if (ret != -EPROBE_DEFER)
- dev_err(dev, "snd_soc_register_card() failed: %d\n",
- ret);
+ dev_err_probe(dev, ret, "snd_soc_register_card() failed\n");
goto err_put_clk_i2s;
}
diff --git a/sound/soc/samsung/smdk_wm8994.c b/sound/soc/samsung/smdk_wm8994.c
index 64a1a64656ab..92cd9e8a2e61 100644
--- a/sound/soc/samsung/smdk_wm8994.c
+++ b/sound/soc/samsung/smdk_wm8994.c
@@ -178,8 +178,8 @@ static int smdk_audio_probe(struct platform_device *pdev)
ret = devm_snd_soc_register_card(&pdev->dev, card);
- if (ret && ret != -EPROBE_DEFER)
- dev_err(&pdev->dev, "snd_soc_register_card() failed:%d\n", ret);
+ if (ret)
+ dev_err_probe(&pdev->dev, ret, "snd_soc_register_card() failed\n");
return ret;
}
diff --git a/sound/soc/samsung/smdk_wm8994pcm.c b/sound/soc/samsung/smdk_wm8994pcm.c
index a01640576f71..110a51a4f870 100644
--- a/sound/soc/samsung/smdk_wm8994pcm.c
+++ b/sound/soc/samsung/smdk_wm8994pcm.c
@@ -118,8 +118,8 @@ static int snd_smdk_probe(struct platform_device *pdev)
smdk_pcm.dev = &pdev->dev;
ret = devm_snd_soc_register_card(&pdev->dev, &smdk_pcm);
- if (ret && ret != -EPROBE_DEFER)
- dev_err(&pdev->dev, "snd_soc_register_card failed %d\n", ret);
+ if (ret)
+ dev_err_probe(&pdev->dev, ret, "snd_soc_register_card failed\n");
return ret;
}
diff --git a/sound/soc/samsung/snow.c b/sound/soc/samsung/snow.c
index 07163f07c6d5..6aa2c66d8e8c 100644
--- a/sound/soc/samsung/snow.c
+++ b/sound/soc/samsung/snow.c
@@ -215,12 +215,9 @@ static int snow_probe(struct platform_device *pdev)
snd_soc_card_set_drvdata(card, priv);
ret = devm_snd_soc_register_card(dev, card);
- if (ret) {
- if (ret != -EPROBE_DEFER)
- dev_err(&pdev->dev,
- "snd_soc_register_card failed (%d)\n", ret);
- return ret;
- }
+ if (ret)
+ return dev_err_probe(&pdev->dev, ret,
+ "snd_soc_register_card failed\n");
return ret;
}
diff --git a/sound/soc/samsung/speyside.c b/sound/soc/samsung/speyside.c
index f5f6ba00d073..37b1f4f60b21 100644
--- a/sound/soc/samsung/speyside.c
+++ b/sound/soc/samsung/speyside.c
@@ -330,9 +330,8 @@ static int speyside_probe(struct platform_device *pdev)
card->dev = &pdev->dev;
ret = devm_snd_soc_register_card(&pdev->dev, card);
- if (ret && ret != -EPROBE_DEFER)
- dev_err(&pdev->dev, "snd_soc_register_card() failed: %d\n",
- ret);
+ if (ret)
+ dev_err_probe(&pdev->dev, ret, "snd_soc_register_card() failed\n");
return ret;
}
diff --git a/sound/soc/samsung/tm2_wm5110.c b/sound/soc/samsung/tm2_wm5110.c
index 125e07f65d2b..ca1be7a7cb8a 100644
--- a/sound/soc/samsung/tm2_wm5110.c
+++ b/sound/soc/samsung/tm2_wm5110.c
@@ -611,8 +611,7 @@ static int tm2_probe(struct platform_device *pdev)
ret = devm_snd_soc_register_card(dev, card);
if (ret < 0) {
- if (ret != -EPROBE_DEFER)
- dev_err(dev, "Failed to register card: %d\n", ret);
+ dev_err_probe(dev, ret, "Failed to register card\n");
goto dai_node_put;
}
diff --git a/sound/soc/samsung/tobermory.c b/sound/soc/samsung/tobermory.c
index c962d2c2a7f7..95c6267b0c0c 100644
--- a/sound/soc/samsung/tobermory.c
+++ b/sound/soc/samsung/tobermory.c
@@ -229,9 +229,8 @@ static int tobermory_probe(struct platform_device *pdev)
card->dev = &pdev->dev;
ret = devm_snd_soc_register_card(&pdev->dev, card);
- if (ret && ret != -EPROBE_DEFER)
- dev_err(&pdev->dev, "snd_soc_register_card() failed: %d\n",
- ret);
+ if (ret)
+ dev_err_probe(&pdev->dev, ret, "snd_soc_register_card() failed\n");
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 206/452] ASoC: samsung: Fix refcount leak in aries_audio_probe
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (204 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 205/452] ASoC: samsung: Use dev_err_probe() helper Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 207/452] kselftest/cgroup: fix test_stress.sh to use OUTPUT dir Greg Kroah-Hartman
` (251 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Krzysztof Kozlowski,
Mark Brown, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit bf4a9b2467b775717d0e9034ad916888e19713a3 ]
of_parse_phandle() returns a node pointer with refcount
incremented, we should use of_node_put() on it when done.
If extcon_find_edev_by_node() fails, it doesn't call of_node_put()
Calling of_node_put() after extcon_find_edev_by_node() to fix this.
Fixes: 7a3a7671fa6c ("ASoC: samsung: Add driver for Aries boards")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Link: https://lore.kernel.org/r/20220512043828.496-1-linmq006@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/samsung/aries_wm8994.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sound/soc/samsung/aries_wm8994.c b/sound/soc/samsung/aries_wm8994.c
index 709336bbcc2f..18458192aff1 100644
--- a/sound/soc/samsung/aries_wm8994.c
+++ b/sound/soc/samsung/aries_wm8994.c
@@ -585,10 +585,10 @@ static int aries_audio_probe(struct platform_device *pdev)
extcon_np = of_parse_phandle(np, "extcon", 0);
priv->usb_extcon = extcon_find_edev_by_node(extcon_np);
+ of_node_put(extcon_np);
if (IS_ERR(priv->usb_extcon))
return dev_err_probe(dev, PTR_ERR(priv->usb_extcon),
"Failed to get extcon device");
- of_node_put(extcon_np);
priv->adc = devm_iio_channel_get(dev, "headset-detect");
if (IS_ERR(priv->adc))
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 207/452] kselftest/cgroup: fix test_stress.sh to use OUTPUT dir
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (205 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 206/452] ASoC: samsung: Fix refcount leak in aries_audio_probe Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 208/452] scripts/faddr2line: Fix overlapping text section failures Greg Kroah-Hartman
` (250 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Phil Auld, Tejun Heo, Sasha Levin
From: Phil Auld <pauld@redhat.com>
[ Upstream commit 54de76c0123915e7533ce352de30a1f2d80fe81f ]
Running cgroup kselftest with O= fails to run the with_stress test due
to hardcoded ./test_core. Find test_core binary using the OUTPUT directory.
Fixes: 1a99fcc035fb ("selftests: cgroup: Run test_core under interfering stress")
Signed-off-by: Phil Auld <pauld@redhat.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/cgroup/test_stress.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/selftests/cgroup/test_stress.sh b/tools/testing/selftests/cgroup/test_stress.sh
index 15d9d5896394..109c044f715f 100755
--- a/tools/testing/selftests/cgroup/test_stress.sh
+++ b/tools/testing/selftests/cgroup/test_stress.sh
@@ -1,4 +1,4 @@
#!/bin/bash
# SPDX-License-Identifier: GPL-2.0
-./with_stress.sh -s subsys -s fork ./test_core
+./with_stress.sh -s subsys -s fork ${OUTPUT}/test_core
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 208/452] scripts/faddr2line: Fix overlapping text section failures
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (206 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 207/452] kselftest/cgroup: fix test_stress.sh to use OUTPUT dir Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 209/452] media: aspeed: Fix an error handling path in aspeed_video_probe() Greg Kroah-Hartman
` (249 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kaiwan N Billimoria, Peter Zijlstra,
Josh Poimboeuf, Sasha Levin
From: Josh Poimboeuf <jpoimboe@kernel.org>
[ Upstream commit 1d1a0e7c5100d332583e20b40aa8c0a8ed3d7849 ]
There have been some recent reports of faddr2line failures:
$ scripts/faddr2line sound/soundcore.ko sound_devnode+0x5/0x35
bad symbol size: base: 0x0000000000000000 end: 0x0000000000000000
$ ./scripts/faddr2line vmlinux.o enter_from_user_mode+0x24
bad symbol size: base: 0x0000000000005fe0 end: 0x0000000000005fe0
The problem is that faddr2line is based on 'nm', which has a major
limitation: it doesn't know how to distinguish between different text
sections. So if an offset exists in multiple text sections in the
object, it may fail.
Rewrite faddr2line to be section-aware, by basing it on readelf.
Fixes: 67326666e2d4 ("scripts: add script for translating stack dump function offsets")
Reported-by: Kaiwan N Billimoria <kaiwan.billimoria@gmail.com>
Reported-by: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>
Link: https://lore.kernel.org/r/29ff99f86e3da965b6e46c1cc2d72ce6528c17c3.1652382321.git.jpoimboe@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
scripts/faddr2line | 150 +++++++++++++++++++++++++++++----------------
1 file changed, 97 insertions(+), 53 deletions(-)
diff --git a/scripts/faddr2line b/scripts/faddr2line
index 6c6439f69a72..0e6268d59883 100755
--- a/scripts/faddr2line
+++ b/scripts/faddr2line
@@ -44,17 +44,6 @@
set -o errexit
set -o nounset
-READELF="${CROSS_COMPILE:-}readelf"
-ADDR2LINE="${CROSS_COMPILE:-}addr2line"
-SIZE="${CROSS_COMPILE:-}size"
-NM="${CROSS_COMPILE:-}nm"
-
-command -v awk >/dev/null 2>&1 || die "awk isn't installed"
-command -v ${READELF} >/dev/null 2>&1 || die "readelf isn't installed"
-command -v ${ADDR2LINE} >/dev/null 2>&1 || die "addr2line isn't installed"
-command -v ${SIZE} >/dev/null 2>&1 || die "size isn't installed"
-command -v ${NM} >/dev/null 2>&1 || die "nm isn't installed"
-
usage() {
echo "usage: faddr2line [--list] <object file> <func+offset> <func+offset>..." >&2
exit 1
@@ -69,6 +58,14 @@ die() {
exit 1
}
+READELF="${CROSS_COMPILE:-}readelf"
+ADDR2LINE="${CROSS_COMPILE:-}addr2line"
+AWK="awk"
+
+command -v ${AWK} >/dev/null 2>&1 || die "${AWK} isn't installed"
+command -v ${READELF} >/dev/null 2>&1 || die "${READELF} isn't installed"
+command -v ${ADDR2LINE} >/dev/null 2>&1 || die "${ADDR2LINE} isn't installed"
+
# Try to figure out the source directory prefix so we can remove it from the
# addr2line output. HACK ALERT: This assumes that start_kernel() is in
# init/main.c! This only works for vmlinux. Otherwise it falls back to
@@ -76,7 +73,7 @@ die() {
find_dir_prefix() {
local objfile=$1
- local start_kernel_addr=$(${READELF} -sW $objfile | awk '$8 == "start_kernel" {printf "0x%s", $2}')
+ local start_kernel_addr=$(${READELF} --symbols --wide $objfile | ${AWK} '$8 == "start_kernel" {printf "0x%s", $2}')
[[ -z $start_kernel_addr ]] && return
local file_line=$(${ADDR2LINE} -e $objfile $start_kernel_addr)
@@ -97,86 +94,133 @@ __faddr2line() {
local dir_prefix=$3
local print_warnings=$4
- local func=${func_addr%+*}
+ local sym_name=${func_addr%+*}
local offset=${func_addr#*+}
offset=${offset%/*}
- local size=
- [[ $func_addr =~ "/" ]] && size=${func_addr#*/}
+ local user_size=
+ [[ $func_addr =~ "/" ]] && user_size=${func_addr#*/}
- if [[ -z $func ]] || [[ -z $offset ]] || [[ $func = $func_addr ]]; then
+ if [[ -z $sym_name ]] || [[ -z $offset ]] || [[ $sym_name = $func_addr ]]; then
warn "bad func+offset $func_addr"
DONE=1
return
fi
# Go through each of the object's symbols which match the func name.
- # In rare cases there might be duplicates.
- file_end=$(${SIZE} -Ax $objfile | awk '$1 == ".text" {print $2}')
- while read symbol; do
- local fields=($symbol)
- local sym_base=0x${fields[0]}
- local sym_type=${fields[1]}
- local sym_end=${fields[3]}
-
- # calculate the size
- local sym_size=$(($sym_end - $sym_base))
+ # In rare cases there might be duplicates, in which case we print all
+ # matches.
+ while read line; do
+ local fields=($line)
+ local sym_addr=0x${fields[1]}
+ local sym_elf_size=${fields[2]}
+ local sym_sec=${fields[6]}
+
+ # Get the section size:
+ local sec_size=$(${READELF} --section-headers --wide $objfile |
+ sed 's/\[ /\[/' |
+ ${AWK} -v sec=$sym_sec '$1 == "[" sec "]" { print "0x" $6; exit }')
+
+ if [[ -z $sec_size ]]; then
+ warn "bad section size: section: $sym_sec"
+ DONE=1
+ return
+ fi
+
+ # Calculate the symbol size.
+ #
+ # Unfortunately we can't use the ELF size, because kallsyms
+ # also includes the padding bytes in its size calculation. For
+ # kallsyms, the size calculation is the distance between the
+ # symbol and the next symbol in a sorted list.
+ local sym_size
+ local cur_sym_addr
+ local found=0
+ while read line; do
+ local fields=($line)
+ cur_sym_addr=0x${fields[1]}
+ local cur_sym_elf_size=${fields[2]}
+ local cur_sym_name=${fields[7]:-}
+
+ if [[ $cur_sym_addr = $sym_addr ]] &&
+ [[ $cur_sym_elf_size = $sym_elf_size ]] &&
+ [[ $cur_sym_name = $sym_name ]]; then
+ found=1
+ continue
+ fi
+
+ if [[ $found = 1 ]]; then
+ sym_size=$(($cur_sym_addr - $sym_addr))
+ [[ $sym_size -lt $sym_elf_size ]] && continue;
+ found=2
+ break
+ fi
+ done < <(${READELF} --symbols --wide $objfile | ${AWK} -v sec=$sym_sec '$7 == sec' | sort --key=2)
+
+ if [[ $found = 0 ]]; then
+ warn "can't find symbol: sym_name: $sym_name sym_sec: $sym_sec sym_addr: $sym_addr sym_elf_size: $sym_elf_size"
+ DONE=1
+ return
+ fi
+
+ # If nothing was found after the symbol, assume it's the last
+ # symbol in the section.
+ [[ $found = 1 ]] && sym_size=$(($sec_size - $sym_addr))
+
if [[ -z $sym_size ]] || [[ $sym_size -le 0 ]]; then
- warn "bad symbol size: base: $sym_base end: $sym_end"
+ warn "bad symbol size: sym_addr: $sym_addr cur_sym_addr: $cur_sym_addr"
DONE=1
return
fi
+
sym_size=0x$(printf %x $sym_size)
- # calculate the address
- local addr=$(($sym_base + $offset))
+ # Calculate the section address from user-supplied offset:
+ local addr=$(($sym_addr + $offset))
if [[ -z $addr ]] || [[ $addr = 0 ]]; then
- warn "bad address: $sym_base + $offset"
+ warn "bad address: $sym_addr + $offset"
DONE=1
return
fi
addr=0x$(printf %x $addr)
- # weed out non-function symbols
- if [[ $sym_type != t ]] && [[ $sym_type != T ]]; then
- [[ $print_warnings = 1 ]] &&
- echo "skipping $func address at $addr due to non-function symbol of type '$sym_type'"
- continue
- fi
-
- # if the user provided a size, make sure it matches the symbol's size
- if [[ -n $size ]] && [[ $size -ne $sym_size ]]; then
+ # If the user provided a size, make sure it matches the symbol's size:
+ if [[ -n $user_size ]] && [[ $user_size -ne $sym_size ]]; then
[[ $print_warnings = 1 ]] &&
- echo "skipping $func address at $addr due to size mismatch ($size != $sym_size)"
+ echo "skipping $sym_name address at $addr due to size mismatch ($user_size != $sym_size)"
continue;
fi
- # make sure the provided offset is within the symbol's range
+ # Make sure the provided offset is within the symbol's range:
if [[ $offset -gt $sym_size ]]; then
[[ $print_warnings = 1 ]] &&
- echo "skipping $func address at $addr due to size mismatch ($offset > $sym_size)"
+ echo "skipping $sym_name address at $addr due to size mismatch ($offset > $sym_size)"
continue
fi
- # separate multiple entries with a blank line
+ # In case of duplicates or multiple addresses specified on the
+ # cmdline, separate multiple entries with a blank line:
[[ $FIRST = 0 ]] && echo
FIRST=0
- # pass real address to addr2line
- echo "$func+$offset/$sym_size:"
- local file_lines=$(${ADDR2LINE} -fpie $objfile $addr | sed "s; $dir_prefix\(\./\)*; ;")
- [[ -z $file_lines ]] && return
+ echo "$sym_name+$offset/$sym_size:"
+ # Pass section address to addr2line and strip absolute paths
+ # from the output:
+ local output=$(${ADDR2LINE} -fpie $objfile $addr | sed "s; $dir_prefix\(\./\)*; ;")
+ [[ -z $output ]] && continue
+
+ # Default output (non --list):
if [[ $LIST = 0 ]]; then
- echo "$file_lines" | while read -r line
+ echo "$output" | while read -r line
do
echo $line
done
DONE=1;
- return
+ continue
fi
- # show each line with context
- echo "$file_lines" | while read -r line
+ # For --list, show each line with its corresponding source code:
+ echo "$output" | while read -r line
do
echo
echo $line
@@ -184,12 +228,12 @@ __faddr2line() {
n1=$[$n-5]
n2=$[$n+5]
f=$(echo $line | sed 's/.*at \(.\+\):.*/\1/g')
- awk 'NR>=strtonum("'$n1'") && NR<=strtonum("'$n2'") { if (NR=='$n') printf(">%d<", NR); else printf(" %d ", NR); printf("\t%s\n", $0)}' $f
+ ${AWK} 'NR>=strtonum("'$n1'") && NR<=strtonum("'$n2'") { if (NR=='$n') printf(">%d<", NR); else printf(" %d ", NR); printf("\t%s\n", $0)}' $f
done
DONE=1
- done < <(${NM} -n $objfile | awk -v fn=$func -v end=$file_end '$3 == fn { found=1; line=$0; start=$1; next } found == 1 { found=0; print line, "0x"$1 } END {if (found == 1) print line, end; }')
+ done < <(${READELF} --symbols --wide $objfile | ${AWK} -v fn=$sym_name '$4 == "FUNC" && $8 == fn')
}
[[ $# -lt 2 ]] && usage
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 209/452] media: aspeed: Fix an error handling path in aspeed_video_probe()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (207 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 208/452] scripts/faddr2line: Fix overlapping text section failures Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 210/452] media: exynos4-is: Fix PM disable depth imbalance in fimc_is_probe Greg Kroah-Hartman
` (248 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe JAILLET, Hans Verkuil,
Mauro Carvalho Chehab, Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit 310fda622bbd38be17fb444f7f049b137af3bc0d ]
A dma_free_coherent() call is missing in the error handling path of the
probe, as already done in the remove function.
In fact, this call is included in aspeed_video_free_buf(). So use the
latter both in the error handling path of the probe and in the remove
function.
It is easier to see the relation with aspeed_video_alloc_buf() this way.
Fixes: d2b4387f3bdf ("media: platform: Add Aspeed Video Engine driver")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/aspeed-video.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/media/platform/aspeed-video.c b/drivers/media/platform/aspeed-video.c
index 757a58829a51..9d9124308f6a 100644
--- a/drivers/media/platform/aspeed-video.c
+++ b/drivers/media/platform/aspeed-video.c
@@ -1723,6 +1723,7 @@ static int aspeed_video_probe(struct platform_device *pdev)
rc = aspeed_video_setup_video(video);
if (rc) {
+ aspeed_video_free_buf(video, &video->jpeg);
clk_unprepare(video->vclk);
clk_unprepare(video->eclk);
return rc;
@@ -1748,8 +1749,7 @@ static int aspeed_video_remove(struct platform_device *pdev)
v4l2_device_unregister(v4l2_dev);
- dma_free_coherent(video->dev, VE_JPEG_HEADER_SIZE, video->jpeg.virt,
- video->jpeg.dma);
+ aspeed_video_free_buf(video, &video->jpeg);
of_reserved_mem_device_release(dev);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 210/452] media: exynos4-is: Fix PM disable depth imbalance in fimc_is_probe
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (208 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 209/452] media: aspeed: Fix an error handling path in aspeed_video_probe() Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 211/452] media: st-delta: Fix PM disable depth imbalance in delta_probe Greg Kroah-Hartman
` (247 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Krzysztof Kozlowski,
Alim Akhtar, Hans Verkuil, Mauro Carvalho Chehab, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 5c0db68ce0faeb000c3540d095eb272d671a6e03 ]
If probe fails then we need to call pm_runtime_disable() to balance
out the previous pm_runtime_enable() call.
Fixes: 9a761e436843 ("[media] exynos4-is: Add Exynos4x12 FIMC-IS driver")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
Reviewed-by: Alim Akhtar <alim.akhtar@samsung.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/exynos4-is/fimc-is.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/media/platform/exynos4-is/fimc-is.c b/drivers/media/platform/exynos4-is/fimc-is.c
index d26fa5967d82..d4b31b3c9282 100644
--- a/drivers/media/platform/exynos4-is/fimc-is.c
+++ b/drivers/media/platform/exynos4-is/fimc-is.c
@@ -830,7 +830,7 @@ static int fimc_is_probe(struct platform_device *pdev)
ret = pm_runtime_resume_and_get(dev);
if (ret < 0)
- goto err_irq;
+ goto err_pm_disable;
vb2_dma_contig_set_max_seg_size(dev, DMA_BIT_MASK(32));
@@ -864,6 +864,8 @@ static int fimc_is_probe(struct platform_device *pdev)
pm_runtime_put_noidle(dev);
if (!pm_runtime_enabled(dev))
fimc_is_runtime_suspend(dev);
+err_pm_disable:
+ pm_runtime_disable(dev);
err_irq:
free_irq(is->irq, is);
err_clk:
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 211/452] media: st-delta: Fix PM disable depth imbalance in delta_probe
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (209 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 210/452] media: exynos4-is: Fix PM disable depth imbalance in fimc_is_probe Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 212/452] media: exynos4-is: Change clk_disable to clk_disable_unprepare Greg Kroah-Hartman
` (246 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Hugues Fruchet,
Hans Verkuil, Mauro Carvalho Chehab, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 94e3dba710fe0afc772172305444250023fc2d30 ]
The pm_runtime_enable will decrease power disable depth.
If the probe fails, we should use pm_runtime_disable() to balance
pm_runtime_enable().
Fixes: f386509e4959 ("[media] st-delta: STiH4xx multi-format video decoder v4l2 driver")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Acked-by: Hugues Fruchet <hugues.fruchet@foss.st.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/sti/delta/delta-v4l2.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/media/platform/sti/delta/delta-v4l2.c b/drivers/media/platform/sti/delta/delta-v4l2.c
index c691b3d81549..5da49a0ab70b 100644
--- a/drivers/media/platform/sti/delta/delta-v4l2.c
+++ b/drivers/media/platform/sti/delta/delta-v4l2.c
@@ -1862,7 +1862,7 @@ static int delta_probe(struct platform_device *pdev)
if (ret) {
dev_err(delta->dev, "%s failed to initialize firmware ipc channel\n",
DELTA_PREFIX);
- goto err;
+ goto err_pm_disable;
}
/* register all available decoders */
@@ -1876,7 +1876,7 @@ static int delta_probe(struct platform_device *pdev)
if (ret) {
dev_err(delta->dev, "%s failed to register V4L2 device\n",
DELTA_PREFIX);
- goto err;
+ goto err_pm_disable;
}
delta->work_queue = create_workqueue(DELTA_NAME);
@@ -1901,6 +1901,8 @@ static int delta_probe(struct platform_device *pdev)
destroy_workqueue(delta->work_queue);
err_v4l2:
v4l2_device_unregister(&delta->v4l2_dev);
+err_pm_disable:
+ pm_runtime_disable(dev);
err:
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 212/452] media: exynos4-is: Change clk_disable to clk_disable_unprepare
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (210 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 211/452] media: st-delta: Fix PM disable depth imbalance in delta_probe Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 213/452] media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init Greg Kroah-Hartman
` (245 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Hans Verkuil,
Mauro Carvalho Chehab, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 9fadab72a6916c7507d7fedcd644859eef995078 ]
The corresponding API for clk_prepare_enable is clk_disable_unprepare,
other than clk_disable.
Fix this by changing clk_disable to clk_disable_unprepare.
Fixes: b4155d7d5b2c ("[media] exynos4-is: Ensure fimc-is clocks are not enabled until properly configured")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/exynos4-is/fimc-is.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/platform/exynos4-is/fimc-is.c b/drivers/media/platform/exynos4-is/fimc-is.c
index d4b31b3c9282..dc2a144cd29b 100644
--- a/drivers/media/platform/exynos4-is/fimc-is.c
+++ b/drivers/media/platform/exynos4-is/fimc-is.c
@@ -140,7 +140,7 @@ static int fimc_is_enable_clocks(struct fimc_is *is)
dev_err(&is->pdev->dev, "clock %s enable failed\n",
fimc_is_clocks[i]);
for (--i; i >= 0; i--)
- clk_disable(is->clocks[i]);
+ clk_disable_unprepare(is->clocks[i]);
return ret;
}
pr_debug("enabled clock: %s\n", fimc_is_clocks[i]);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 213/452] media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (211 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 212/452] media: exynos4-is: Change clk_disable to clk_disable_unprepare Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 214/452] media: vsp1: Fix offset calculation for plane cropping Greg Kroah-Hartman
` (244 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pavel Skripkin, Hans Verkuil,
Mauro Carvalho Chehab, Sasha Levin, syzbot+1a247e36149ffd709a9b
From: Pavel Skripkin <paskripkin@gmail.com>
[ Upstream commit 471bec68457aaf981add77b4f590d65dd7da1059 ]
Syzbot reported that -1 is used as array index. The problem was in
missing validation check.
hdw->unit_number is initialized with -1 and then if init table walk fails
this value remains unchanged. Since code blindly uses this member for
array indexing adding sanity check is the easiest fix for that.
hdw->workpoll initialization moved upper to prevent warning in
__flush_work.
Reported-and-tested-by: syzbot+1a247e36149ffd709a9b@syzkaller.appspotmail.com
Fixes: d855497edbfb ("V4L/DVB (4228a): pvrusb2 to kernel 2.6.18")
Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/usb/pvrusb2/pvrusb2-hdw.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/media/usb/pvrusb2/pvrusb2-hdw.c b/drivers/media/usb/pvrusb2/pvrusb2-hdw.c
index 3915d551d59e..fccd1798445d 100644
--- a/drivers/media/usb/pvrusb2/pvrusb2-hdw.c
+++ b/drivers/media/usb/pvrusb2/pvrusb2-hdw.c
@@ -2569,6 +2569,11 @@ struct pvr2_hdw *pvr2_hdw_create(struct usb_interface *intf,
} while (0);
mutex_unlock(&pvr2_unit_mtx);
+ INIT_WORK(&hdw->workpoll, pvr2_hdw_worker_poll);
+
+ if (hdw->unit_number == -1)
+ goto fail;
+
cnt1 = 0;
cnt2 = scnprintf(hdw->name+cnt1,sizeof(hdw->name)-cnt1,"pvrusb2");
cnt1 += cnt2;
@@ -2580,8 +2585,6 @@ struct pvr2_hdw *pvr2_hdw_create(struct usb_interface *intf,
if (cnt1 >= sizeof(hdw->name)) cnt1 = sizeof(hdw->name)-1;
hdw->name[cnt1] = 0;
- INIT_WORK(&hdw->workpoll,pvr2_hdw_worker_poll);
-
pvr2_trace(PVR2_TRACE_INIT,"Driver unit number is %d, name is %s",
hdw->unit_number,hdw->name);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 214/452] media: vsp1: Fix offset calculation for plane cropping
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (212 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 213/452] media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 215/452] Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout Greg Kroah-Hartman
` (243 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michael Rodin, LUU HOAI,
Laurent Pinchart, Kieran Bingham, Mauro Carvalho Chehab,
Sasha Levin
From: Michael Rodin <mrodin@de.adit-jv.com>
[ Upstream commit 5f25abec8f21b7527c1223a354d23c270befddb3 ]
The vertical subsampling factor is currently not considered in the
offset calculation for plane cropping done in rpf_configure_partition.
This causes a distortion (shift of the color plane) when formats with
the vsub factor larger than 1 are used (e.g. NV12, see
vsp1_video_formats in vsp1_pipe.c). This commit considers vsub factor
for all planes except plane 0 (luminance).
Drop generalization of the offset calculation to reduce the binary size.
Fixes: e5ad37b64de9 ("[media] v4l: vsp1: Add cropping support")
Signed-off-by: Michael Rodin <mrodin@de.adit-jv.com>
Signed-off-by: LUU HOAI <hoai.luu.ub@renesas.com>
Signed-off-by: Laurent Pinchart <laurent.pinchart+renesas@ideasonboard.com>
Reviewed-by: Kieran Bingham <kieran.bingham+renesas@ideasonboard.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/vsp1/vsp1_rpf.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/media/platform/vsp1/vsp1_rpf.c b/drivers/media/platform/vsp1/vsp1_rpf.c
index 85587c1b6a37..75083cb234fe 100644
--- a/drivers/media/platform/vsp1/vsp1_rpf.c
+++ b/drivers/media/platform/vsp1/vsp1_rpf.c
@@ -291,11 +291,11 @@ static void rpf_configure_partition(struct vsp1_entity *entity,
+ crop.left * fmtinfo->bpp[0] / 8;
if (format->num_planes > 1) {
+ unsigned int bpl = format->plane_fmt[1].bytesperline;
unsigned int offset;
- offset = crop.top * format->plane_fmt[1].bytesperline
- + crop.left / fmtinfo->hsub
- * fmtinfo->bpp[1] / 8;
+ offset = crop.top / fmtinfo->vsub * bpl
+ + crop.left / fmtinfo->hsub * fmtinfo->bpp[1] / 8;
mem.addr[1] += offset;
mem.addr[2] += offset;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 215/452] Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (213 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 214/452] media: vsp1: Fix offset calculation for plane cropping Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 216/452] Bluetooth: Interleave with allowlist scan Greg Kroah-Hartman
` (242 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+2bef95d3ab4daa10155b,
Ying Hsu, Joseph Hwang, Marcel Holtmann, Sasha Levin
From: Ying Hsu <yinghsu@chromium.org>
[ Upstream commit 7aa1e7d15f8a5b65f67bacb100d8fc033b21efa2 ]
Connecting the same socket twice consecutively in sco_sock_connect()
could lead to a race condition where two sco_conn objects are created
but only one is associated with the socket. If the socket is closed
before the SCO connection is established, the timer associated with the
dangling sco_conn object won't be canceled. As the sock object is being
freed, the use-after-free problem happens when the timer callback
function sco_sock_timeout() accesses the socket. Here's the call trace:
dump_stack+0x107/0x163
? refcount_inc+0x1c/
print_address_description.constprop.0+0x1c/0x47e
? refcount_inc+0x1c/0x7b
kasan_report+0x13a/0x173
? refcount_inc+0x1c/0x7b
check_memory_region+0x132/0x139
refcount_inc+0x1c/0x7b
sco_sock_timeout+0xb2/0x1ba
process_one_work+0x739/0xbd1
? cancel_delayed_work+0x13f/0x13f
? __raw_spin_lock_init+0xf0/0xf0
? to_kthread+0x59/0x85
worker_thread+0x593/0x70e
kthread+0x346/0x35a
? drain_workqueue+0x31a/0x31a
? kthread_bind+0x4b/0x4b
ret_from_fork+0x1f/0x30
Link: https://syzkaller.appspot.com/bug?extid=2bef95d3ab4daa10155b
Reported-by: syzbot+2bef95d3ab4daa10155b@syzkaller.appspotmail.com
Fixes: e1dee2c1de2b ("Bluetooth: fix repeated calls to sco_sock_kill")
Signed-off-by: Ying Hsu <yinghsu@chromium.org>
Reviewed-by: Joseph Hwang <josephsih@chromium.org>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/bluetooth/sco.c | 21 +++++++++++++--------
1 file changed, 13 insertions(+), 8 deletions(-)
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index 2f2b8ddc4dd5..df254c7de2dd 100644
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -575,19 +575,24 @@ static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen
addr->sa_family != AF_BLUETOOTH)
return -EINVAL;
- if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
- return -EBADFD;
+ lock_sock(sk);
+ if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
+ err = -EBADFD;
+ goto done;
+ }
- if (sk->sk_type != SOCK_SEQPACKET)
- return -EINVAL;
+ if (sk->sk_type != SOCK_SEQPACKET) {
+ err = -EINVAL;
+ goto done;
+ }
hdev = hci_get_route(&sa->sco_bdaddr, &sco_pi(sk)->src, BDADDR_BREDR);
- if (!hdev)
- return -EHOSTUNREACH;
+ if (!hdev) {
+ err = -EHOSTUNREACH;
+ goto done;
+ }
hci_dev_lock(hdev);
- lock_sock(sk);
-
/* Set destination address and psm */
bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 216/452] Bluetooth: Interleave with allowlist scan
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (214 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 215/452] Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 217/452] Bluetooth: L2CAP: Rudimentary typo fixes Greg Kroah-Hartman
` (241 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Howard Chung, Alain Michaud,
Manish Mandlik, Marcel Holtmann, Johan Hedberg, Sasha Levin
From: Howard Chung <howardchung@google.com>
[ Upstream commit c4f1f408168cd6a83d973e98e1cd1888e4d3d907 ]
This patch implements the interleaving between allowlist scan and
no-filter scan. It'll be used to save power when at least one monitor is
registered and at least one pending connection or one device to be
scanned for.
The durations of the allowlist scan and the no-filter scan are
controlled by MGMT command: Set Default System Configuration. The
default values are set randomly for now.
Signed-off-by: Howard Chung <howardchung@google.com>
Reviewed-by: Alain Michaud <alainm@chromium.org>
Reviewed-by: Manish Mandlik <mmandlik@chromium.org>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/net/bluetooth/hci_core.h | 10 +++
net/bluetooth/hci_core.c | 3 +
net/bluetooth/hci_request.c | 128 +++++++++++++++++++++++++++++--
net/bluetooth/mgmt_config.c | 10 +++
4 files changed, 144 insertions(+), 7 deletions(-)
diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h
index 09104ca14a3e..0520c550086e 100644
--- a/include/net/bluetooth/hci_core.h
+++ b/include/net/bluetooth/hci_core.h
@@ -364,6 +364,8 @@ struct hci_dev {
__u8 ssp_debug_mode;
__u8 hw_error_code;
__u32 clock;
+ __u16 advmon_allowlist_duration;
+ __u16 advmon_no_filter_duration;
__u16 devid_source;
__u16 devid_vendor;
@@ -545,6 +547,14 @@ struct hci_dev {
struct delayed_work rpa_expired;
bdaddr_t rpa;
+ enum {
+ INTERLEAVE_SCAN_NONE,
+ INTERLEAVE_SCAN_NO_FILTER,
+ INTERLEAVE_SCAN_ALLOWLIST
+ } interleave_scan_state;
+
+ struct delayed_work interleave_scan;
+
#if IS_ENABLED(CONFIG_BT_LEDS)
struct led_trigger *power_led;
#endif
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index c331b4176de7..99657c1e66ba 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -3606,6 +3606,9 @@ struct hci_dev *hci_alloc_dev(void)
hdev->cur_adv_instance = 0x00;
hdev->adv_instance_timeout = 0;
+ hdev->advmon_allowlist_duration = 300;
+ hdev->advmon_no_filter_duration = 500;
+
hdev->sniff_max_interval = 800;
hdev->sniff_min_interval = 80;
diff --git a/net/bluetooth/hci_request.c b/net/bluetooth/hci_request.c
index d965b7c66bd6..2405e1ffebbd 100644
--- a/net/bluetooth/hci_request.c
+++ b/net/bluetooth/hci_request.c
@@ -382,6 +382,53 @@ void __hci_req_write_fast_connectable(struct hci_request *req, bool enable)
hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
}
+static void start_interleave_scan(struct hci_dev *hdev)
+{
+ hdev->interleave_scan_state = INTERLEAVE_SCAN_NO_FILTER;
+ queue_delayed_work(hdev->req_workqueue,
+ &hdev->interleave_scan, 0);
+}
+
+static bool is_interleave_scanning(struct hci_dev *hdev)
+{
+ return hdev->interleave_scan_state != INTERLEAVE_SCAN_NONE;
+}
+
+static void cancel_interleave_scan(struct hci_dev *hdev)
+{
+ bt_dev_dbg(hdev, "cancelling interleave scan");
+
+ cancel_delayed_work_sync(&hdev->interleave_scan);
+
+ hdev->interleave_scan_state = INTERLEAVE_SCAN_NONE;
+}
+
+/* Return true if interleave_scan wasn't started until exiting this function,
+ * otherwise, return false
+ */
+static bool __hci_update_interleaved_scan(struct hci_dev *hdev)
+{
+ /* If there is at least one ADV monitors and one pending LE connection
+ * or one device to be scanned for, we should alternate between
+ * allowlist scan and one without any filters to save power.
+ */
+ bool use_interleaving = hci_is_adv_monitoring(hdev) &&
+ !(list_empty(&hdev->pend_le_conns) &&
+ list_empty(&hdev->pend_le_reports));
+ bool is_interleaving = is_interleave_scanning(hdev);
+
+ if (use_interleaving && !is_interleaving) {
+ start_interleave_scan(hdev);
+ bt_dev_dbg(hdev, "starting interleave scan");
+ return true;
+ }
+
+ if (!use_interleaving && is_interleaving)
+ cancel_interleave_scan(hdev);
+
+ return false;
+}
+
/* This function controls the background scanning based on hdev->pend_le_conns
* list. If there are pending LE connection we start the background scanning,
* otherwise we stop it.
@@ -454,8 +501,7 @@ static void __hci_update_background_scan(struct hci_request *req)
hci_req_add_le_scan_disable(req, false);
hci_req_add_le_passive_scan(req);
-
- BT_DBG("%s starting background scanning", hdev->name);
+ bt_dev_dbg(hdev, "starting background scanning");
}
}
@@ -852,12 +898,17 @@ static u8 update_white_list(struct hci_request *req)
return 0x00;
}
- /* Once the controller offloading of advertisement monitor is in place,
- * the if condition should include the support of MSFT extension
- * support. If suspend is ongoing, whitelist should be the default to
- * prevent waking by random advertisements.
+ /* Use the allowlist unless the following conditions are all true:
+ * - We are not currently suspending
+ * - There are 1 or more ADV monitors registered
+ * - Interleaved scanning is not currently using the allowlist
+ *
+ * Once the controller offloading of advertisement monitor is in place,
+ * the above condition should include the support of MSFT extension
+ * support.
*/
- if (!idr_is_empty(&hdev->adv_monitors_idr) && !hdev->suspended)
+ if (!idr_is_empty(&hdev->adv_monitors_idr) && !hdev->suspended &&
+ hdev->interleave_scan_state != INTERLEAVE_SCAN_ALLOWLIST)
return 0x00;
/* Select filter policy to use white list */
@@ -1010,6 +1061,10 @@ void hci_req_add_le_passive_scan(struct hci_request *req)
&own_addr_type))
return;
+ if (__hci_update_interleaved_scan(hdev))
+ return;
+
+ bt_dev_dbg(hdev, "interleave state %d", hdev->interleave_scan_state);
/* Adding or removing entries from the white list must
* happen before enabling scanning. The controller does
* not allow white list modification while scanning.
@@ -1884,6 +1939,62 @@ static void adv_timeout_expire(struct work_struct *work)
hci_dev_unlock(hdev);
}
+static int hci_req_add_le_interleaved_scan(struct hci_request *req,
+ unsigned long opt)
+{
+ struct hci_dev *hdev = req->hdev;
+ int ret = 0;
+
+ hci_dev_lock(hdev);
+
+ if (hci_dev_test_flag(hdev, HCI_LE_SCAN))
+ hci_req_add_le_scan_disable(req, false);
+ hci_req_add_le_passive_scan(req);
+
+ switch (hdev->interleave_scan_state) {
+ case INTERLEAVE_SCAN_ALLOWLIST:
+ bt_dev_dbg(hdev, "next state: allowlist");
+ hdev->interleave_scan_state = INTERLEAVE_SCAN_NO_FILTER;
+ break;
+ case INTERLEAVE_SCAN_NO_FILTER:
+ bt_dev_dbg(hdev, "next state: no filter");
+ hdev->interleave_scan_state = INTERLEAVE_SCAN_ALLOWLIST;
+ break;
+ case INTERLEAVE_SCAN_NONE:
+ BT_ERR("unexpected error");
+ ret = -1;
+ }
+
+ hci_dev_unlock(hdev);
+
+ return ret;
+}
+
+static void interleave_scan_work(struct work_struct *work)
+{
+ struct hci_dev *hdev = container_of(work, struct hci_dev,
+ interleave_scan.work);
+ u8 status;
+ unsigned long timeout;
+
+ if (hdev->interleave_scan_state == INTERLEAVE_SCAN_ALLOWLIST) {
+ timeout = msecs_to_jiffies(hdev->advmon_allowlist_duration);
+ } else if (hdev->interleave_scan_state == INTERLEAVE_SCAN_NO_FILTER) {
+ timeout = msecs_to_jiffies(hdev->advmon_no_filter_duration);
+ } else {
+ bt_dev_err(hdev, "unexpected error");
+ return;
+ }
+
+ hci_req_sync(hdev, hci_req_add_le_interleaved_scan, 0,
+ HCI_CMD_TIMEOUT, &status);
+
+ /* Don't continue interleaving if it was canceled */
+ if (is_interleave_scanning(hdev))
+ queue_delayed_work(hdev->req_workqueue,
+ &hdev->interleave_scan, timeout);
+}
+
int hci_get_random_address(struct hci_dev *hdev, bool require_privacy,
bool use_rpa, struct adv_info *adv_instance,
u8 *own_addr_type, bdaddr_t *rand_addr)
@@ -3311,6 +3422,7 @@ void hci_request_setup(struct hci_dev *hdev)
INIT_DELAYED_WORK(&hdev->le_scan_disable, le_scan_disable_work);
INIT_DELAYED_WORK(&hdev->le_scan_restart, le_scan_restart_work);
INIT_DELAYED_WORK(&hdev->adv_instance_expire, adv_timeout_expire);
+ INIT_DELAYED_WORK(&hdev->interleave_scan, interleave_scan_work);
}
void hci_request_cancel_all(struct hci_dev *hdev)
@@ -3330,4 +3442,6 @@ void hci_request_cancel_all(struct hci_dev *hdev)
cancel_delayed_work_sync(&hdev->adv_instance_expire);
hdev->adv_instance_timeout = 0;
}
+
+ cancel_interleave_scan(hdev);
}
diff --git a/net/bluetooth/mgmt_config.c b/net/bluetooth/mgmt_config.c
index b30b571f8caf..2d3ad288c78a 100644
--- a/net/bluetooth/mgmt_config.c
+++ b/net/bluetooth/mgmt_config.c
@@ -67,6 +67,8 @@ int read_def_system_config(struct sock *sk, struct hci_dev *hdev, void *data,
HDEV_PARAM_U16(0x001a, le_supv_timeout),
HDEV_PARAM_U16_JIFFIES_TO_MSECS(0x001b,
def_le_autoconnect_timeout),
+ HDEV_PARAM_U16(0x001d, advmon_allowlist_duration),
+ HDEV_PARAM_U16(0x001e, advmon_no_filter_duration),
};
struct mgmt_rp_read_def_system_config *rp = (void *)params;
@@ -138,6 +140,8 @@ int set_def_system_config(struct sock *sk, struct hci_dev *hdev, void *data,
case 0x0019:
case 0x001a:
case 0x001b:
+ case 0x001d:
+ case 0x001e:
if (len != sizeof(u16)) {
bt_dev_warn(hdev, "invalid length %d, exp %zu for type %d",
len, sizeof(u16), type);
@@ -251,6 +255,12 @@ int set_def_system_config(struct sock *sk, struct hci_dev *hdev, void *data,
hdev->def_le_autoconnect_timeout =
msecs_to_jiffies(TLV_GET_LE16(buffer));
break;
+ case 0x0001d:
+ hdev->advmon_allowlist_duration = TLV_GET_LE16(buffer);
+ break;
+ case 0x0001e:
+ hdev->advmon_no_filter_duration = TLV_GET_LE16(buffer);
+ break;
default:
bt_dev_warn(hdev, "unsupported parameter %u", type);
break;
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 217/452] Bluetooth: L2CAP: Rudimentary typo fixes
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (215 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 216/452] Bluetooth: Interleave with allowlist scan Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 218/452] Bluetooth: LL privacy allow RPA Greg Kroah-Hartman
` (240 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bhaskar Chowdhury, Randy Dunlap,
Marcel Holtmann, Sasha Levin
From: Bhaskar Chowdhury <unixbhaskar@gmail.com>
[ Upstream commit 5153ceb9e622f4e27de461404edc73324da70f8c ]
s/minium/minimum/
s/procdure/procedure/
Signed-off-by: Bhaskar Chowdhury <unixbhaskar@gmail.com>
Acked-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/bluetooth/l2cap_core.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index 012c1a0abda8..ad33c592cde4 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -1689,7 +1689,7 @@ static void l2cap_le_conn_ready(struct l2cap_conn *conn)
smp_conn_security(hcon, hcon->pending_sec_level);
/* For LE slave connections, make sure the connection interval
- * is in the range of the minium and maximum interval that has
+ * is in the range of the minimum and maximum interval that has
* been configured for this connection. If not, then trigger
* the connection update procedure.
*/
@@ -7540,7 +7540,7 @@ static void l2cap_data_channel(struct l2cap_conn *conn, u16 cid,
BT_DBG("chan %p, len %d", chan, skb->len);
/* If we receive data on a fixed channel before the info req/rsp
- * procdure is done simply assume that the channel is supported
+ * procedure is done simply assume that the channel is supported
* and mark it as ready.
*/
if (chan->chan_type == L2CAP_CHAN_FIXED)
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 218/452] Bluetooth: LL privacy allow RPA
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (216 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 217/452] Bluetooth: L2CAP: Rudimentary typo fixes Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 219/452] Bluetooth: use inclusive language in HCI role comments Greg Kroah-Hartman
` (239 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sathish Narasimman, Marcel Holtmann,
Sasha Levin
From: Sathish Narasimman <sathish.narasimman@intel.com>
[ Upstream commit 8ce85ada0a05e21a5386ba5c417c52ab00fcd0d1 ]
allow RPA to add bd address to whitelist
Signed-off-by: Sathish Narasimman <sathish.narasimman@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/bluetooth/hci_request.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/net/bluetooth/hci_request.c b/net/bluetooth/hci_request.c
index 2405e1ffebbd..eb4c1c18eb01 100644
--- a/net/bluetooth/hci_request.c
+++ b/net/bluetooth/hci_request.c
@@ -842,6 +842,10 @@ static u8 update_white_list(struct hci_request *req)
*/
bool allow_rpa = hdev->suspended;
+ if (use_ll_privacy(hdev) &&
+ hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY))
+ allow_rpa = true;
+
/* Go through the current white list programmed into the
* controller one by one and check if that address is still
* in the list of pending connections or list of devices to
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 219/452] Bluetooth: use inclusive language in HCI role comments
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (217 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 218/452] Bluetooth: LL privacy allow RPA Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 220/452] Bluetooth: use inclusive language when filtering devices Greg Kroah-Hartman
` (238 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Archie Pusaka, Marcel Holtmann, Sasha Levin
From: Archie Pusaka <apusaka@chromium.org>
[ Upstream commit 74be523ce6bed0531e4f31c3e1387909589e9bfe ]
This patch replaces some non-inclusive terms based on the appropriate
language mapping table compiled by the Bluetooth SIG:
https://specificationrefs.bluetooth.com/language-mapping/Appropriate_Language_Mapping_Table.pdf
Specifically, these terms are replaced:
master -> initiator (for smp) or central (everything else)
slave -> responder (for smp) or peripheral (everything else)
The #define preprocessor terms are unchanged for now to not disturb
dependent APIs.
Signed-off-by: Archie Pusaka <apusaka@chromium.org>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/bluetooth/hci_conn.c | 8 ++++----
net/bluetooth/hci_event.c | 6 +++---
net/bluetooth/l2cap_core.c | 2 +-
net/bluetooth/smp.c | 6 +++---
4 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index ecd2ffcf2ba2..140d9764c77e 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -240,7 +240,7 @@ int hci_disconnect(struct hci_conn *conn, __u8 reason)
{
BT_DBG("hcon %p", conn);
- /* When we are master of an established connection and it enters
+ /* When we are central of an established connection and it enters
* the disconnect timeout, then go ahead and try to read the
* current clock offset. Processing of the result is done
* within the event handling and hci_clock_offset_evt function.
@@ -1065,16 +1065,16 @@ struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst,
hci_req_init(&req, hdev);
- /* Disable advertising if we're active. For master role
+ /* Disable advertising if we're active. For central role
* connections most controllers will refuse to connect if
- * advertising is enabled, and for slave role connections we
+ * advertising is enabled, and for peripheral role connections we
* anyway have to disable it in order to start directed
* advertising.
*/
if (hci_dev_test_flag(hdev, HCI_LE_ADV))
__hci_req_disable_advertising(&req);
- /* If requested to connect as slave use directed advertising */
+ /* If requested to connect as peripheral use directed advertising */
if (conn->role == HCI_ROLE_SLAVE) {
/* If we're active scanning most controllers are unable
* to initiate advertising. Simply reject the attempt.
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index e926e80d9731..061ef20e135e 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -2759,9 +2759,9 @@ static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
bacpy(&cp.bdaddr, &ev->bdaddr);
if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
- cp.role = 0x00; /* Become master */
+ cp.role = 0x00; /* Become central */
else
- cp.role = 0x01; /* Remain slave */
+ cp.role = 0x01; /* Remain peripheral */
hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
} else if (!(flags & HCI_PROTO_DEFER)) {
@@ -5153,7 +5153,7 @@ static void le_conn_complete_evt(struct hci_dev *hdev, u8 status,
conn->dst_type = bdaddr_type;
/* If we didn't have a hci_conn object previously
- * but we're in master role this must be something
+ * but we're in central role this must be something
* initiated using a white list. Since white list based
* connections are not "first class citizens" we don't
* have full tracking of them. Therefore, we go ahead
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index ad33c592cde4..6c80e62cea0c 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -1688,7 +1688,7 @@ static void l2cap_le_conn_ready(struct l2cap_conn *conn)
if (hcon->out)
smp_conn_security(hcon, hcon->pending_sec_level);
- /* For LE slave connections, make sure the connection interval
+ /* For LE peripheral connections, make sure the connection interval
* is in the range of the minimum and maximum interval that has
* been configured for this connection. If not, then trigger
* the connection update procedure.
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index 2b7879afc333..b7374dbee23a 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -909,8 +909,8 @@ static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
hcon->pending_sec_level = BT_SECURITY_HIGH;
}
- /* If both devices have Keyoard-Display I/O, the master
- * Confirms and the slave Enters the passkey.
+ /* If both devices have Keyboard-Display I/O, the initiator
+ * Confirms and the responder Enters the passkey.
*/
if (smp->method == OVERLAP) {
if (hcon->role == HCI_ROLE_MASTER)
@@ -3076,7 +3076,7 @@ static void bredr_pairing(struct l2cap_chan *chan)
if (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags))
return;
- /* Only master may initiate SMP over BR/EDR */
+ /* Only initiator may initiate SMP over BR/EDR */
if (hcon->role != HCI_ROLE_MASTER)
return;
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 220/452] Bluetooth: use inclusive language when filtering devices
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (218 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 219/452] Bluetooth: use inclusive language in HCI role comments Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 221/452] Bluetooth: use hdev lock for accept_list and reject_list in conn req Greg Kroah-Hartman
` (237 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Archie Pusaka, Miao-chen Chou,
Marcel Holtmann, Sasha Levin
From: Archie Pusaka <apusaka@chromium.org>
[ Upstream commit 3d4f9c00492b4e21641e5140a5e78cb50b58d60b ]
This patch replaces some non-inclusive terms based on the appropriate
language mapping table compiled by the Bluetooth SIG:
https://specificationrefs.bluetooth.com/language-mapping/Appropriate_Language_Mapping_Table.pdf
Specifically, these terms are replaced:
blacklist -> reject list
whitelist -> accept list
Signed-off-by: Archie Pusaka <apusaka@chromium.org>
Reviewed-by: Miao-chen Chou <mcchou@chromium.org>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/net/bluetooth/hci.h | 16 +++---
include/net/bluetooth/hci_core.h | 8 +--
net/bluetooth/hci_core.c | 24 ++++-----
net/bluetooth/hci_debugfs.c | 8 +--
net/bluetooth/hci_event.c | 70 ++++++++++++-------------
net/bluetooth/hci_request.c | 89 ++++++++++++++++----------------
net/bluetooth/hci_sock.c | 12 ++---
net/bluetooth/l2cap_core.c | 4 +-
net/bluetooth/mgmt.c | 14 ++---
9 files changed, 123 insertions(+), 122 deletions(-)
diff --git a/include/net/bluetooth/hci.h b/include/net/bluetooth/hci.h
index 243de74e118e..ede7a153c69a 100644
--- a/include/net/bluetooth/hci.h
+++ b/include/net/bluetooth/hci.h
@@ -1503,7 +1503,7 @@ struct hci_cp_le_set_scan_enable {
} __packed;
#define HCI_LE_USE_PEER_ADDR 0x00
-#define HCI_LE_USE_WHITELIST 0x01
+#define HCI_LE_USE_ACCEPT_LIST 0x01
#define HCI_OP_LE_CREATE_CONN 0x200d
struct hci_cp_le_create_conn {
@@ -1523,22 +1523,22 @@ struct hci_cp_le_create_conn {
#define HCI_OP_LE_CREATE_CONN_CANCEL 0x200e
-#define HCI_OP_LE_READ_WHITE_LIST_SIZE 0x200f
-struct hci_rp_le_read_white_list_size {
+#define HCI_OP_LE_READ_ACCEPT_LIST_SIZE 0x200f
+struct hci_rp_le_read_accept_list_size {
__u8 status;
__u8 size;
} __packed;
-#define HCI_OP_LE_CLEAR_WHITE_LIST 0x2010
+#define HCI_OP_LE_CLEAR_ACCEPT_LIST 0x2010
-#define HCI_OP_LE_ADD_TO_WHITE_LIST 0x2011
-struct hci_cp_le_add_to_white_list {
+#define HCI_OP_LE_ADD_TO_ACCEPT_LIST 0x2011
+struct hci_cp_le_add_to_accept_list {
__u8 bdaddr_type;
bdaddr_t bdaddr;
} __packed;
-#define HCI_OP_LE_DEL_FROM_WHITE_LIST 0x2012
-struct hci_cp_le_del_from_white_list {
+#define HCI_OP_LE_DEL_FROM_ACCEPT_LIST 0x2012
+struct hci_cp_le_del_from_accept_list {
__u8 bdaddr_type;
bdaddr_t bdaddr;
} __packed;
diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h
index 0520c550086e..11a92bb4d7a9 100644
--- a/include/net/bluetooth/hci_core.h
+++ b/include/net/bluetooth/hci_core.h
@@ -308,7 +308,7 @@ struct hci_dev {
__u8 max_page;
__u8 features[HCI_MAX_PAGES][8];
__u8 le_features[8];
- __u8 le_white_list_size;
+ __u8 le_accept_list_size;
__u8 le_resolv_list_size;
__u8 le_num_of_adv_sets;
__u8 le_states[8];
@@ -499,14 +499,14 @@ struct hci_dev {
struct hci_conn_hash conn_hash;
struct list_head mgmt_pending;
- struct list_head blacklist;
- struct list_head whitelist;
+ struct list_head reject_list;
+ struct list_head accept_list;
struct list_head uuids;
struct list_head link_keys;
struct list_head long_term_keys;
struct list_head identity_resolving_keys;
struct list_head remote_oob_data;
- struct list_head le_white_list;
+ struct list_head le_accept_list;
struct list_head le_resolv_list;
struct list_head le_conn_params;
struct list_head pend_le_conns;
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index 99657c1e66ba..2cb0cf035476 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -742,14 +742,14 @@ static int hci_init3_req(struct hci_request *req, unsigned long opt)
}
if (hdev->commands[26] & 0x40) {
- /* Read LE White List Size */
- hci_req_add(req, HCI_OP_LE_READ_WHITE_LIST_SIZE,
+ /* Read LE Accept List Size */
+ hci_req_add(req, HCI_OP_LE_READ_ACCEPT_LIST_SIZE,
0, NULL);
}
if (hdev->commands[26] & 0x80) {
- /* Clear LE White List */
- hci_req_add(req, HCI_OP_LE_CLEAR_WHITE_LIST, 0, NULL);
+ /* Clear LE Accept List */
+ hci_req_add(req, HCI_OP_LE_CLEAR_ACCEPT_LIST, 0, NULL);
}
if (hdev->commands[34] & 0x40) {
@@ -3548,13 +3548,13 @@ static int hci_suspend_notifier(struct notifier_block *nb, unsigned long action,
/* Suspend consists of two actions:
* - First, disconnect everything and make the controller not
* connectable (disabling scanning)
- * - Second, program event filter/whitelist and enable scan
+ * - Second, program event filter/accept list and enable scan
*/
ret = hci_change_suspend_state(hdev, BT_SUSPEND_DISCONNECT);
if (!ret)
state = BT_SUSPEND_DISCONNECT;
- /* Only configure whitelist if disconnect succeeded and wake
+ /* Only configure accept list if disconnect succeeded and wake
* isn't being prevented.
*/
if (!ret && !(hdev->prevent_wake && hdev->prevent_wake(hdev))) {
@@ -3657,14 +3657,14 @@ struct hci_dev *hci_alloc_dev(void)
mutex_init(&hdev->req_lock);
INIT_LIST_HEAD(&hdev->mgmt_pending);
- INIT_LIST_HEAD(&hdev->blacklist);
- INIT_LIST_HEAD(&hdev->whitelist);
+ INIT_LIST_HEAD(&hdev->reject_list);
+ INIT_LIST_HEAD(&hdev->accept_list);
INIT_LIST_HEAD(&hdev->uuids);
INIT_LIST_HEAD(&hdev->link_keys);
INIT_LIST_HEAD(&hdev->long_term_keys);
INIT_LIST_HEAD(&hdev->identity_resolving_keys);
INIT_LIST_HEAD(&hdev->remote_oob_data);
- INIT_LIST_HEAD(&hdev->le_white_list);
+ INIT_LIST_HEAD(&hdev->le_accept_list);
INIT_LIST_HEAD(&hdev->le_resolv_list);
INIT_LIST_HEAD(&hdev->le_conn_params);
INIT_LIST_HEAD(&hdev->pend_le_conns);
@@ -3880,8 +3880,8 @@ void hci_cleanup_dev(struct hci_dev *hdev)
destroy_workqueue(hdev->req_workqueue);
hci_dev_lock(hdev);
- hci_bdaddr_list_clear(&hdev->blacklist);
- hci_bdaddr_list_clear(&hdev->whitelist);
+ hci_bdaddr_list_clear(&hdev->reject_list);
+ hci_bdaddr_list_clear(&hdev->accept_list);
hci_uuids_clear(hdev);
hci_link_keys_clear(hdev);
hci_smp_ltks_clear(hdev);
@@ -3889,7 +3889,7 @@ void hci_cleanup_dev(struct hci_dev *hdev)
hci_remote_oob_data_clear(hdev);
hci_adv_instances_clear(hdev);
hci_adv_monitors_clear(hdev);
- hci_bdaddr_list_clear(&hdev->le_white_list);
+ hci_bdaddr_list_clear(&hdev->le_accept_list);
hci_bdaddr_list_clear(&hdev->le_resolv_list);
hci_conn_params_clear_all(hdev);
hci_discovery_filter_clear(hdev);
diff --git a/net/bluetooth/hci_debugfs.c b/net/bluetooth/hci_debugfs.c
index 5e8af2658e44..338833f12365 100644
--- a/net/bluetooth/hci_debugfs.c
+++ b/net/bluetooth/hci_debugfs.c
@@ -125,7 +125,7 @@ static int device_list_show(struct seq_file *f, void *ptr)
struct bdaddr_list *b;
hci_dev_lock(hdev);
- list_for_each_entry(b, &hdev->whitelist, list)
+ list_for_each_entry(b, &hdev->accept_list, list)
seq_printf(f, "%pMR (type %u)\n", &b->bdaddr, b->bdaddr_type);
list_for_each_entry(p, &hdev->le_conn_params, list) {
seq_printf(f, "%pMR (type %u) %u\n", &p->addr, p->addr_type,
@@ -144,7 +144,7 @@ static int blacklist_show(struct seq_file *f, void *p)
struct bdaddr_list *b;
hci_dev_lock(hdev);
- list_for_each_entry(b, &hdev->blacklist, list)
+ list_for_each_entry(b, &hdev->reject_list, list)
seq_printf(f, "%pMR (type %u)\n", &b->bdaddr, b->bdaddr_type);
hci_dev_unlock(hdev);
@@ -734,7 +734,7 @@ static int white_list_show(struct seq_file *f, void *ptr)
struct bdaddr_list *b;
hci_dev_lock(hdev);
- list_for_each_entry(b, &hdev->le_white_list, list)
+ list_for_each_entry(b, &hdev->le_accept_list, list)
seq_printf(f, "%pMR (type %u)\n", &b->bdaddr, b->bdaddr_type);
hci_dev_unlock(hdev);
@@ -1145,7 +1145,7 @@ void hci_debugfs_create_le(struct hci_dev *hdev)
&force_static_address_fops);
debugfs_create_u8("white_list_size", 0444, hdev->debugfs,
- &hdev->le_white_list_size);
+ &hdev->le_accept_list_size);
debugfs_create_file("white_list", 0444, hdev->debugfs, hdev,
&white_list_fops);
debugfs_create_u8("resolv_list_size", 0444, hdev->debugfs,
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 061ef20e135e..f75869835e3e 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -236,7 +236,7 @@ static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
hdev->ssp_debug_mode = 0;
- hci_bdaddr_list_clear(&hdev->le_white_list);
+ hci_bdaddr_list_clear(&hdev->le_accept_list);
hci_bdaddr_list_clear(&hdev->le_resolv_list);
}
@@ -1456,21 +1456,21 @@ static void hci_cc_le_read_num_adv_sets(struct hci_dev *hdev,
hdev->le_num_of_adv_sets = rp->num_of_sets;
}
-static void hci_cc_le_read_white_list_size(struct hci_dev *hdev,
- struct sk_buff *skb)
+static void hci_cc_le_read_accept_list_size(struct hci_dev *hdev,
+ struct sk_buff *skb)
{
- struct hci_rp_le_read_white_list_size *rp = (void *) skb->data;
+ struct hci_rp_le_read_accept_list_size *rp = (void *)skb->data;
BT_DBG("%s status 0x%2.2x size %u", hdev->name, rp->status, rp->size);
if (rp->status)
return;
- hdev->le_white_list_size = rp->size;
+ hdev->le_accept_list_size = rp->size;
}
-static void hci_cc_le_clear_white_list(struct hci_dev *hdev,
- struct sk_buff *skb)
+static void hci_cc_le_clear_accept_list(struct hci_dev *hdev,
+ struct sk_buff *skb)
{
__u8 status = *((__u8 *) skb->data);
@@ -1479,13 +1479,13 @@ static void hci_cc_le_clear_white_list(struct hci_dev *hdev,
if (status)
return;
- hci_bdaddr_list_clear(&hdev->le_white_list);
+ hci_bdaddr_list_clear(&hdev->le_accept_list);
}
-static void hci_cc_le_add_to_white_list(struct hci_dev *hdev,
- struct sk_buff *skb)
+static void hci_cc_le_add_to_accept_list(struct hci_dev *hdev,
+ struct sk_buff *skb)
{
- struct hci_cp_le_add_to_white_list *sent;
+ struct hci_cp_le_add_to_accept_list *sent;
__u8 status = *((__u8 *) skb->data);
BT_DBG("%s status 0x%2.2x", hdev->name, status);
@@ -1493,18 +1493,18 @@ static void hci_cc_le_add_to_white_list(struct hci_dev *hdev,
if (status)
return;
- sent = hci_sent_cmd_data(hdev, HCI_OP_LE_ADD_TO_WHITE_LIST);
+ sent = hci_sent_cmd_data(hdev, HCI_OP_LE_ADD_TO_ACCEPT_LIST);
if (!sent)
return;
- hci_bdaddr_list_add(&hdev->le_white_list, &sent->bdaddr,
- sent->bdaddr_type);
+ hci_bdaddr_list_add(&hdev->le_accept_list, &sent->bdaddr,
+ sent->bdaddr_type);
}
-static void hci_cc_le_del_from_white_list(struct hci_dev *hdev,
- struct sk_buff *skb)
+static void hci_cc_le_del_from_accept_list(struct hci_dev *hdev,
+ struct sk_buff *skb)
{
- struct hci_cp_le_del_from_white_list *sent;
+ struct hci_cp_le_del_from_accept_list *sent;
__u8 status = *((__u8 *) skb->data);
BT_DBG("%s status 0x%2.2x", hdev->name, status);
@@ -1512,11 +1512,11 @@ static void hci_cc_le_del_from_white_list(struct hci_dev *hdev,
if (status)
return;
- sent = hci_sent_cmd_data(hdev, HCI_OP_LE_DEL_FROM_WHITE_LIST);
+ sent = hci_sent_cmd_data(hdev, HCI_OP_LE_DEL_FROM_ACCEPT_LIST);
if (!sent)
return;
- hci_bdaddr_list_del(&hdev->le_white_list, &sent->bdaddr,
+ hci_bdaddr_list_del(&hdev->le_accept_list, &sent->bdaddr,
sent->bdaddr_type);
}
@@ -2331,7 +2331,7 @@ static void cs_le_create_conn(struct hci_dev *hdev, bdaddr_t *peer_addr,
/* We don't want the connection attempt to stick around
* indefinitely since LE doesn't have a page timeout concept
* like BR/EDR. Set a timer for any connection that doesn't use
- * the white list for connecting.
+ * the accept list for connecting.
*/
if (filter_policy == HCI_LE_USE_PEER_ADDR)
queue_delayed_work(conn->hdev->workqueue,
@@ -2587,7 +2587,7 @@ static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
* only used during suspend.
*/
if (ev->link_type == ACL_LINK &&
- hci_bdaddr_list_lookup_with_flags(&hdev->whitelist,
+ hci_bdaddr_list_lookup_with_flags(&hdev->accept_list,
&ev->bdaddr,
BDADDR_BREDR)) {
conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr,
@@ -2709,19 +2709,19 @@ static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
return;
}
- if (hci_bdaddr_list_lookup(&hdev->blacklist, &ev->bdaddr,
+ if (hci_bdaddr_list_lookup(&hdev->reject_list, &ev->bdaddr,
BDADDR_BREDR)) {
hci_reject_conn(hdev, &ev->bdaddr);
return;
}
- /* Require HCI_CONNECTABLE or a whitelist entry to accept the
+ /* Require HCI_CONNECTABLE or an accept list entry to accept the
* connection. These features are only touched through mgmt so
* only do the checks if HCI_MGMT is set.
*/
if (hci_dev_test_flag(hdev, HCI_MGMT) &&
!hci_dev_test_flag(hdev, HCI_CONNECTABLE) &&
- !hci_bdaddr_list_lookup_with_flags(&hdev->whitelist, &ev->bdaddr,
+ !hci_bdaddr_list_lookup_with_flags(&hdev->accept_list, &ev->bdaddr,
BDADDR_BREDR)) {
hci_reject_conn(hdev, &ev->bdaddr);
return;
@@ -3481,20 +3481,20 @@ static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb,
hci_cc_le_set_scan_enable(hdev, skb);
break;
- case HCI_OP_LE_READ_WHITE_LIST_SIZE:
- hci_cc_le_read_white_list_size(hdev, skb);
+ case HCI_OP_LE_READ_ACCEPT_LIST_SIZE:
+ hci_cc_le_read_accept_list_size(hdev, skb);
break;
- case HCI_OP_LE_CLEAR_WHITE_LIST:
- hci_cc_le_clear_white_list(hdev, skb);
+ case HCI_OP_LE_CLEAR_ACCEPT_LIST:
+ hci_cc_le_clear_accept_list(hdev, skb);
break;
- case HCI_OP_LE_ADD_TO_WHITE_LIST:
- hci_cc_le_add_to_white_list(hdev, skb);
+ case HCI_OP_LE_ADD_TO_ACCEPT_LIST:
+ hci_cc_le_add_to_accept_list(hdev, skb);
break;
- case HCI_OP_LE_DEL_FROM_WHITE_LIST:
- hci_cc_le_del_from_white_list(hdev, skb);
+ case HCI_OP_LE_DEL_FROM_ACCEPT_LIST:
+ hci_cc_le_del_from_accept_list(hdev, skb);
break;
case HCI_OP_LE_READ_SUPPORTED_STATES:
@@ -5154,7 +5154,7 @@ static void le_conn_complete_evt(struct hci_dev *hdev, u8 status,
/* If we didn't have a hci_conn object previously
* but we're in central role this must be something
- * initiated using a white list. Since white list based
+ * initiated using an accept list. Since accept list based
* connections are not "first class citizens" we don't
* have full tracking of them. Therefore, we go ahead
* with a "best effort" approach of determining the
@@ -5204,7 +5204,7 @@ static void le_conn_complete_evt(struct hci_dev *hdev, u8 status,
addr_type = BDADDR_LE_RANDOM;
/* Drop the connection if the device is blocked */
- if (hci_bdaddr_list_lookup(&hdev->blacklist, &conn->dst, addr_type)) {
+ if (hci_bdaddr_list_lookup(&hdev->reject_list, &conn->dst, addr_type)) {
hci_conn_drop(conn);
goto unlock;
}
@@ -5372,7 +5372,7 @@ static struct hci_conn *check_pending_le_conn(struct hci_dev *hdev,
return NULL;
/* Ignore if the device is blocked */
- if (hci_bdaddr_list_lookup(&hdev->blacklist, addr, addr_type))
+ if (hci_bdaddr_list_lookup(&hdev->reject_list, addr, addr_type))
return NULL;
/* Most controller will fail if we try to create new connections
diff --git a/net/bluetooth/hci_request.c b/net/bluetooth/hci_request.c
index eb4c1c18eb01..a0f980e61505 100644
--- a/net/bluetooth/hci_request.c
+++ b/net/bluetooth/hci_request.c
@@ -736,17 +736,17 @@ void hci_req_add_le_scan_disable(struct hci_request *req, bool rpa_le_conn)
}
}
-static void del_from_white_list(struct hci_request *req, bdaddr_t *bdaddr,
- u8 bdaddr_type)
+static void del_from_accept_list(struct hci_request *req, bdaddr_t *bdaddr,
+ u8 bdaddr_type)
{
- struct hci_cp_le_del_from_white_list cp;
+ struct hci_cp_le_del_from_accept_list cp;
cp.bdaddr_type = bdaddr_type;
bacpy(&cp.bdaddr, bdaddr);
- bt_dev_dbg(req->hdev, "Remove %pMR (0x%x) from whitelist", &cp.bdaddr,
+ bt_dev_dbg(req->hdev, "Remove %pMR (0x%x) from accept list", &cp.bdaddr,
cp.bdaddr_type);
- hci_req_add(req, HCI_OP_LE_DEL_FROM_WHITE_LIST, sizeof(cp), &cp);
+ hci_req_add(req, HCI_OP_LE_DEL_FROM_ACCEPT_LIST, sizeof(cp), &cp);
if (use_ll_privacy(req->hdev) &&
hci_dev_test_flag(req->hdev, HCI_ENABLE_LL_PRIVACY)) {
@@ -765,31 +765,31 @@ static void del_from_white_list(struct hci_request *req, bdaddr_t *bdaddr,
}
}
-/* Adds connection to white list if needed. On error, returns -1. */
-static int add_to_white_list(struct hci_request *req,
- struct hci_conn_params *params, u8 *num_entries,
- bool allow_rpa)
+/* Adds connection to accept list if needed. On error, returns -1. */
+static int add_to_accept_list(struct hci_request *req,
+ struct hci_conn_params *params, u8 *num_entries,
+ bool allow_rpa)
{
- struct hci_cp_le_add_to_white_list cp;
+ struct hci_cp_le_add_to_accept_list cp;
struct hci_dev *hdev = req->hdev;
- /* Already in white list */
- if (hci_bdaddr_list_lookup(&hdev->le_white_list, ¶ms->addr,
+ /* Already in accept list */
+ if (hci_bdaddr_list_lookup(&hdev->le_accept_list, ¶ms->addr,
params->addr_type))
return 0;
/* Select filter policy to accept all advertising */
- if (*num_entries >= hdev->le_white_list_size)
+ if (*num_entries >= hdev->le_accept_list_size)
return -1;
- /* White list can not be used with RPAs */
+ /* Accept list can not be used with RPAs */
if (!allow_rpa &&
!hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY) &&
hci_find_irk_by_addr(hdev, ¶ms->addr, params->addr_type)) {
return -1;
}
- /* During suspend, only wakeable devices can be in whitelist */
+ /* During suspend, only wakeable devices can be in accept list */
if (hdev->suspended && !hci_conn_test_flag(HCI_CONN_FLAG_REMOTE_WAKEUP,
params->current_flags))
return 0;
@@ -798,9 +798,9 @@ static int add_to_white_list(struct hci_request *req,
cp.bdaddr_type = params->addr_type;
bacpy(&cp.bdaddr, ¶ms->addr);
- bt_dev_dbg(hdev, "Add %pMR (0x%x) to whitelist", &cp.bdaddr,
+ bt_dev_dbg(hdev, "Add %pMR (0x%x) to accept list", &cp.bdaddr,
cp.bdaddr_type);
- hci_req_add(req, HCI_OP_LE_ADD_TO_WHITE_LIST, sizeof(cp), &cp);
+ hci_req_add(req, HCI_OP_LE_ADD_TO_ACCEPT_LIST, sizeof(cp), &cp);
if (use_ll_privacy(hdev) &&
hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY)) {
@@ -828,15 +828,15 @@ static int add_to_white_list(struct hci_request *req,
return 0;
}
-static u8 update_white_list(struct hci_request *req)
+static u8 update_accept_list(struct hci_request *req)
{
struct hci_dev *hdev = req->hdev;
struct hci_conn_params *params;
struct bdaddr_list *b;
u8 num_entries = 0;
bool pend_conn, pend_report;
- /* We allow whitelisting even with RPAs in suspend. In the worst case,
- * we won't be able to wake from devices that use the privacy1.2
+ /* We allow usage of accept list even with RPAs in suspend. In the worst
+ * case, we won't be able to wake from devices that use the privacy1.2
* features. Additionally, once we support privacy1.2 and IRK
* offloading, we can update this to also check for those conditions.
*/
@@ -846,13 +846,13 @@ static u8 update_white_list(struct hci_request *req)
hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY))
allow_rpa = true;
- /* Go through the current white list programmed into the
+ /* Go through the current accept list programmed into the
* controller one by one and check if that address is still
* in the list of pending connections or list of devices to
* report. If not present in either list, then queue the
* command to remove it from the controller.
*/
- list_for_each_entry(b, &hdev->le_white_list, list) {
+ list_for_each_entry(b, &hdev->le_accept_list, list) {
pend_conn = hci_pend_le_action_lookup(&hdev->pend_le_conns,
&b->bdaddr,
b->bdaddr_type);
@@ -861,14 +861,14 @@ static u8 update_white_list(struct hci_request *req)
b->bdaddr_type);
/* If the device is not likely to connect or report,
- * remove it from the whitelist.
+ * remove it from the accept list.
*/
if (!pend_conn && !pend_report) {
- del_from_white_list(req, &b->bdaddr, b->bdaddr_type);
+ del_from_accept_list(req, &b->bdaddr, b->bdaddr_type);
continue;
}
- /* White list can not be used with RPAs */
+ /* Accept list can not be used with RPAs */
if (!allow_rpa &&
!hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY) &&
hci_find_irk_by_addr(hdev, &b->bdaddr, b->bdaddr_type)) {
@@ -878,27 +878,27 @@ static u8 update_white_list(struct hci_request *req)
num_entries++;
}
- /* Since all no longer valid white list entries have been
+ /* Since all no longer valid accept list entries have been
* removed, walk through the list of pending connections
* and ensure that any new device gets programmed into
* the controller.
*
* If the list of the devices is larger than the list of
- * available white list entries in the controller, then
+ * available accept list entries in the controller, then
* just abort and return filer policy value to not use the
- * white list.
+ * accept list.
*/
list_for_each_entry(params, &hdev->pend_le_conns, action) {
- if (add_to_white_list(req, params, &num_entries, allow_rpa))
+ if (add_to_accept_list(req, params, &num_entries, allow_rpa))
return 0x00;
}
/* After adding all new pending connections, walk through
* the list of pending reports and also add these to the
- * white list if there is still space. Abort if space runs out.
+ * accept list if there is still space. Abort if space runs out.
*/
list_for_each_entry(params, &hdev->pend_le_reports, action) {
- if (add_to_white_list(req, params, &num_entries, allow_rpa))
+ if (add_to_accept_list(req, params, &num_entries, allow_rpa))
return 0x00;
}
@@ -915,7 +915,7 @@ static u8 update_white_list(struct hci_request *req)
hdev->interleave_scan_state != INTERLEAVE_SCAN_ALLOWLIST)
return 0x00;
- /* Select filter policy to use white list */
+ /* Select filter policy to use accept list */
return 0x01;
}
@@ -1069,20 +1069,20 @@ void hci_req_add_le_passive_scan(struct hci_request *req)
return;
bt_dev_dbg(hdev, "interleave state %d", hdev->interleave_scan_state);
- /* Adding or removing entries from the white list must
+ /* Adding or removing entries from the accept list must
* happen before enabling scanning. The controller does
- * not allow white list modification while scanning.
+ * not allow accept list modification while scanning.
*/
- filter_policy = update_white_list(req);
+ filter_policy = update_accept_list(req);
/* When the controller is using random resolvable addresses and
* with that having LE privacy enabled, then controllers with
* Extended Scanner Filter Policies support can now enable support
* for handling directed advertising.
*
- * So instead of using filter polices 0x00 (no whitelist)
- * and 0x01 (whitelist enabled) use the new filter policies
- * 0x02 (no whitelist) and 0x03 (whitelist enabled).
+ * So instead of using filter polices 0x00 (no accept list)
+ * and 0x01 (accept list enabled) use the new filter policies
+ * 0x02 (no accept list) and 0x03 (accept list enabled).
*/
if (hci_dev_test_flag(hdev, HCI_PRIVACY) &&
(hdev->le_features[0] & HCI_LE_EXT_SCAN_POLICY))
@@ -1102,7 +1102,8 @@ void hci_req_add_le_passive_scan(struct hci_request *req)
interval = hdev->le_scan_interval;
}
- bt_dev_dbg(hdev, "LE passive scan with whitelist = %d", filter_policy);
+ bt_dev_dbg(hdev, "LE passive scan with accept list = %d",
+ filter_policy);
hci_req_start_scan(req, LE_SCAN_PASSIVE, interval, window,
own_addr_type, filter_policy, addr_resolv);
}
@@ -1150,7 +1151,7 @@ static void hci_req_set_event_filter(struct hci_request *req)
/* Always clear event filter when starting */
hci_req_clear_event_filter(req);
- list_for_each_entry(b, &hdev->whitelist, list) {
+ list_for_each_entry(b, &hdev->accept_list, list) {
if (!hci_conn_test_flag(HCI_CONN_FLAG_REMOTE_WAKEUP,
b->current_flags))
continue;
@@ -2562,11 +2563,11 @@ int hci_update_random_address(struct hci_request *req, bool require_privacy,
return 0;
}
-static bool disconnected_whitelist_entries(struct hci_dev *hdev)
+static bool disconnected_accept_list_entries(struct hci_dev *hdev)
{
struct bdaddr_list *b;
- list_for_each_entry(b, &hdev->whitelist, list) {
+ list_for_each_entry(b, &hdev->accept_list, list) {
struct hci_conn *conn;
conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &b->bdaddr);
@@ -2598,7 +2599,7 @@ void __hci_req_update_scan(struct hci_request *req)
return;
if (hci_dev_test_flag(hdev, HCI_CONNECTABLE) ||
- disconnected_whitelist_entries(hdev))
+ disconnected_accept_list_entries(hdev))
scan = SCAN_PAGE;
else
scan = SCAN_DISABLED;
@@ -3087,7 +3088,7 @@ static int active_scan(struct hci_request *req, unsigned long opt)
uint16_t interval = opt;
struct hci_dev *hdev = req->hdev;
u8 own_addr_type;
- /* White list is not used for discovery */
+ /* Accept list is not used for discovery */
u8 filter_policy = 0x00;
/* Discovery doesn't require controller address resolution */
bool addr_resolv = false;
diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c
index 53f85d7c5f9e..71d18d3295f5 100644
--- a/net/bluetooth/hci_sock.c
+++ b/net/bluetooth/hci_sock.c
@@ -897,7 +897,7 @@ static int hci_sock_release(struct socket *sock)
return 0;
}
-static int hci_sock_blacklist_add(struct hci_dev *hdev, void __user *arg)
+static int hci_sock_reject_list_add(struct hci_dev *hdev, void __user *arg)
{
bdaddr_t bdaddr;
int err;
@@ -907,14 +907,14 @@ static int hci_sock_blacklist_add(struct hci_dev *hdev, void __user *arg)
hci_dev_lock(hdev);
- err = hci_bdaddr_list_add(&hdev->blacklist, &bdaddr, BDADDR_BREDR);
+ err = hci_bdaddr_list_add(&hdev->reject_list, &bdaddr, BDADDR_BREDR);
hci_dev_unlock(hdev);
return err;
}
-static int hci_sock_blacklist_del(struct hci_dev *hdev, void __user *arg)
+static int hci_sock_reject_list_del(struct hci_dev *hdev, void __user *arg)
{
bdaddr_t bdaddr;
int err;
@@ -924,7 +924,7 @@ static int hci_sock_blacklist_del(struct hci_dev *hdev, void __user *arg)
hci_dev_lock(hdev);
- err = hci_bdaddr_list_del(&hdev->blacklist, &bdaddr, BDADDR_BREDR);
+ err = hci_bdaddr_list_del(&hdev->reject_list, &bdaddr, BDADDR_BREDR);
hci_dev_unlock(hdev);
@@ -964,12 +964,12 @@ static int hci_sock_bound_ioctl(struct sock *sk, unsigned int cmd,
case HCIBLOCKADDR:
if (!capable(CAP_NET_ADMIN))
return -EPERM;
- return hci_sock_blacklist_add(hdev, (void __user *)arg);
+ return hci_sock_reject_list_add(hdev, (void __user *)arg);
case HCIUNBLOCKADDR:
if (!capable(CAP_NET_ADMIN))
return -EPERM;
- return hci_sock_blacklist_del(hdev, (void __user *)arg);
+ return hci_sock_reject_list_del(hdev, (void __user *)arg);
}
return -ENOIOCTLCMD;
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index 6c80e62cea0c..2557cd917f5e 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -7652,7 +7652,7 @@ static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
* at least ensure that we ignore incoming data from them.
*/
if (hcon->type == LE_LINK &&
- hci_bdaddr_list_lookup(&hcon->hdev->blacklist, &hcon->dst,
+ hci_bdaddr_list_lookup(&hcon->hdev->reject_list, &hcon->dst,
bdaddr_dst_type(hcon))) {
kfree_skb(skb);
return;
@@ -8108,7 +8108,7 @@ static void l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
dst_type = bdaddr_dst_type(hcon);
/* If device is blocked, do not create channels for it */
- if (hci_bdaddr_list_lookup(&hdev->blacklist, &hcon->dst, dst_type))
+ if (hci_bdaddr_list_lookup(&hdev->reject_list, &hcon->dst, dst_type))
return;
/* Find fixed channels and notify them of the new connection. We
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index 08f67f91d427..878bf7382244 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -4041,7 +4041,7 @@ static int get_device_flags(struct sock *sk, struct hci_dev *hdev, void *data,
memset(&rp, 0, sizeof(rp));
if (cp->addr.type == BDADDR_BREDR) {
- br_params = hci_bdaddr_list_lookup_with_flags(&hdev->whitelist,
+ br_params = hci_bdaddr_list_lookup_with_flags(&hdev->accept_list,
&cp->addr.bdaddr,
cp->addr.type);
if (!br_params)
@@ -4109,7 +4109,7 @@ static int set_device_flags(struct sock *sk, struct hci_dev *hdev, void *data,
hci_dev_lock(hdev);
if (cp->addr.type == BDADDR_BREDR) {
- br_params = hci_bdaddr_list_lookup_with_flags(&hdev->whitelist,
+ br_params = hci_bdaddr_list_lookup_with_flags(&hdev->accept_list,
&cp->addr.bdaddr,
cp->addr.type);
@@ -4979,7 +4979,7 @@ static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
hci_dev_lock(hdev);
- err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
+ err = hci_bdaddr_list_add(&hdev->reject_list, &cp->addr.bdaddr,
cp->addr.type);
if (err < 0) {
status = MGMT_STATUS_FAILED;
@@ -5015,7 +5015,7 @@ static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
hci_dev_lock(hdev);
- err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
+ err = hci_bdaddr_list_del(&hdev->reject_list, &cp->addr.bdaddr,
cp->addr.type);
if (err < 0) {
status = MGMT_STATUS_INVALID_PARAMS;
@@ -6506,7 +6506,7 @@ static int add_device(struct sock *sk, struct hci_dev *hdev,
goto unlock;
}
- err = hci_bdaddr_list_add_with_flags(&hdev->whitelist,
+ err = hci_bdaddr_list_add_with_flags(&hdev->accept_list,
&cp->addr.bdaddr,
cp->addr.type, 0);
if (err)
@@ -6604,7 +6604,7 @@ static int remove_device(struct sock *sk, struct hci_dev *hdev,
}
if (cp->addr.type == BDADDR_BREDR) {
- err = hci_bdaddr_list_del(&hdev->whitelist,
+ err = hci_bdaddr_list_del(&hdev->accept_list,
&cp->addr.bdaddr,
cp->addr.type);
if (err) {
@@ -6675,7 +6675,7 @@ static int remove_device(struct sock *sk, struct hci_dev *hdev,
goto unlock;
}
- list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
+ list_for_each_entry_safe(b, btmp, &hdev->accept_list, list) {
device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
list_del(&b->list);
kfree(b);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 221/452] Bluetooth: use hdev lock for accept_list and reject_list in conn req
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (219 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 220/452] Bluetooth: use inclusive language when filtering devices Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 222/452] nvme: set dma alignment to dword Greg Kroah-Hartman
` (236 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Niels Dossche, Marcel Holtmann, Sasha Levin
From: Niels Dossche <dossche.niels@gmail.com>
[ Upstream commit fb048cae51bacdfbbda2954af3c213fdb1d484f4 ]
All accesses (both reads and modifications) to
hdev->{accept,reject}_list are protected by hdev lock,
except the ones in hci_conn_request_evt. This can cause a race
condition in the form of a list corruption.
The solution is to protect these lists in hci_conn_request_evt as well.
I was unable to find the exact commit that introduced the issue for the
reject list, I was only able to find it for the accept list.
Fixes: a55bd29d5227 ("Bluetooth: Add white list lookup for incoming connection requests")
Signed-off-by: Niels Dossche <dossche.niels@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/bluetooth/hci_event.c | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index f75869835e3e..954b29605c94 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -2709,10 +2709,12 @@ static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
return;
}
+ hci_dev_lock(hdev);
+
if (hci_bdaddr_list_lookup(&hdev->reject_list, &ev->bdaddr,
BDADDR_BREDR)) {
hci_reject_conn(hdev, &ev->bdaddr);
- return;
+ goto unlock;
}
/* Require HCI_CONNECTABLE or an accept list entry to accept the
@@ -2724,13 +2726,11 @@ static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
!hci_bdaddr_list_lookup_with_flags(&hdev->accept_list, &ev->bdaddr,
BDADDR_BREDR)) {
hci_reject_conn(hdev, &ev->bdaddr);
- return;
+ goto unlock;
}
/* Connection accepted */
- hci_dev_lock(hdev);
-
ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
if (ie)
memcpy(ie->data.dev_class, ev->dev_class, 3);
@@ -2742,8 +2742,7 @@ static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
HCI_ROLE_SLAVE);
if (!conn) {
bt_dev_err(hdev, "no memory for new connection");
- hci_dev_unlock(hdev);
- return;
+ goto unlock;
}
}
@@ -2783,6 +2782,10 @@ static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
conn->state = BT_CONNECT2;
hci_connect_cfm(conn, 0);
}
+
+ return;
+unlock:
+ hci_dev_unlock(hdev);
}
static u8 hci_to_mgmt_reason(u8 err)
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 222/452] nvme: set dma alignment to dword
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (220 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 221/452] Bluetooth: use hdev lock for accept_list and reject_list in conn req Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 223/452] m68k: math-emu: Fix dependencies of math emulation support Greg Kroah-Hartman
` (235 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Keith Busch, Christoph Hellwig, Sasha Levin
From: Keith Busch <kbusch@kernel.org>
[ Upstream commit 52fde2c07da606f3f120af4f734eadcfb52b04be ]
The nvme specification only requires qword alignment for segment
descriptors, and the driver already guarantees that. The spec has always
allowed user data to be dword aligned, which is what the queue's
attribute is for, so relax the alignment requirement to that value.
While we could allow byte alignment for some controllers when using
SGLs, we still need to support PRP, and that only allows dword.
Fixes: 3b2a1ebceba3 ("nvme: set dma alignment to qword")
Signed-off-by: Keith Busch <kbusch@kernel.org>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/nvme/host/core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
index e73a5c62a858..d301f0280ff6 100644
--- a/drivers/nvme/host/core.c
+++ b/drivers/nvme/host/core.c
@@ -2024,7 +2024,7 @@ static void nvme_set_queue_limits(struct nvme_ctrl *ctrl,
blk_queue_max_segments(q, min_t(u32, max_segments, USHRT_MAX));
}
blk_queue_virt_boundary(q, NVME_CTRL_PAGE_SIZE - 1);
- blk_queue_dma_alignment(q, 7);
+ blk_queue_dma_alignment(q, 3);
blk_queue_write_cache(q, vwc, vwc);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 223/452] m68k: math-emu: Fix dependencies of math emulation support
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (221 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 222/452] nvme: set dma alignment to dword Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 224/452] lsm,selinux: pass flowi_common instead of flowi to the LSM hooks Greg Kroah-Hartman
` (234 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot,
Geert Uytterhoeven, Greg Ungerer, Sasha Levin
From: Geert Uytterhoeven <geert@linux-m68k.org>
[ Upstream commit ed6bc6bf0a7d75e80eb1df883c09975ebb74e590 ]
If CONFIG_M54xx=y, CONFIG_MMU=y, and CONFIG_M68KFPU_EMU=y:
{standard input}:272: Error: invalid instruction for this architecture; needs 68000 or higher (68000 [68ec000, 68hc000, 68hc001, 68008, 68302, 68306, 68307, 68322, 68356], 68010, 68020 [68k, 68ec020], 68030 [68ec030], 68040 [68ec040], 68060 [68ec060], cpu32 [68330, 68331, 68332, 68333, 68334, 68336, 68340, 68341, 68349, 68360], fidoa [fido]) -- statement `sub.b %d1,%d3' ignored
{standard input}:609: Error: invalid instruction for this architecture; needs 68020 or higher (68020 [68k, 68ec020], 68030 [68ec030], 68040 [68ec040], 68060 [68ec060]) -- statement `bfextu 4(%a1){%d0,#8},%d0' ignored
{standard input}:752: Error: operands mismatch -- statement `mulu.l 4(%a0),%d3:%d0' ignored
{standard input}:1155: Error: operands mismatch -- statement `divu.l %d0,%d3:%d7' ignored
The math emulation support code is intended for 68020 and higher, and
uses several instructions or instruction modes not available on coldfire
or 68000.
Originally, the dependency of M68KFPU_EMU on MMU was fine, as MMU
support was only available on 68020 or higher. But this assumption
was broken by the introduction of MMU support for M547x and M548x.
Drop the dependency on MMU, as the code should work fine on 68020 and up
without MMU (which are not yet supported by Linux, though).
Add dependencies on M68KCLASSIC (to rule out Coldfire) and FPU (kernel
has some type of floating-point support --- be it hardware or software
emulated, to rule out anything below 68020).
Fixes: 1f7034b9616e6f14 ("m68k: allow ColdFire 547x and 548x CPUs to be built with MMU enabled")
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Reviewed-by: Greg Ungerer <gerg@linux-m68k.org>
Link: https://lore.kernel.org/r/18c34695b7c95107f60ccca82a4ff252f3edf477.1652446117.git.geert@linux-m68k.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/m68k/Kconfig.cpu | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/m68k/Kconfig.cpu b/arch/m68k/Kconfig.cpu
index c17205da47fe..936cd9619bf0 100644
--- a/arch/m68k/Kconfig.cpu
+++ b/arch/m68k/Kconfig.cpu
@@ -312,7 +312,7 @@ comment "Processor Specific Options"
config M68KFPU_EMU
bool "Math emulation support"
- depends on MMU
+ depends on M68KCLASSIC && FPU
help
At some point in the future, this will cause floating-point math
instructions to be emulated by the kernel on machines that lack a
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 224/452] lsm,selinux: pass flowi_common instead of flowi to the LSM hooks
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (222 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 223/452] m68k: math-emu: Fix dependencies of math emulation support Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 225/452] sctp: read sk->sk_bound_dev_if once in sctp_rcv() Greg Kroah-Hartman
` (233 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Herbert Xu, James Morris, Paul Moore,
Sasha Levin
From: Paul Moore <paul@paul-moore.com>
[ Upstream commit 3df98d79215ace13d1e91ddfc5a67a0f5acbd83f ]
As pointed out by Herbert in a recent related patch, the LSM hooks do
not have the necessary address family information to use the flowi
struct safely. As none of the LSMs currently use any of the protocol
specific flowi information, replace the flowi pointers with pointers
to the address family independent flowi_common struct.
Reported-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: James Morris <jamorris@linux.microsoft.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../chelsio/inline_crypto/chtls/chtls_cm.c | 2 +-
drivers/net/wireguard/socket.c | 4 ++--
include/linux/lsm_hook_defs.h | 4 ++--
include/linux/lsm_hooks.h | 2 +-
include/linux/security.h | 23 +++++++++++--------
include/net/flow.h | 10 ++++++++
include/net/route.h | 6 ++---
net/dccp/ipv4.c | 2 +-
net/dccp/ipv6.c | 6 ++---
net/ipv4/icmp.c | 4 ++--
net/ipv4/inet_connection_sock.c | 4 ++--
net/ipv4/ip_output.c | 2 +-
net/ipv4/ping.c | 2 +-
net/ipv4/raw.c | 2 +-
net/ipv4/syncookies.c | 2 +-
net/ipv4/udp.c | 2 +-
net/ipv6/af_inet6.c | 2 +-
net/ipv6/datagram.c | 2 +-
net/ipv6/icmp.c | 6 ++---
net/ipv6/inet6_connection_sock.c | 4 ++--
net/ipv6/netfilter/nf_reject_ipv6.c | 2 +-
net/ipv6/ping.c | 2 +-
net/ipv6/raw.c | 2 +-
net/ipv6/syncookies.c | 2 +-
net/ipv6/tcp_ipv6.c | 4 ++--
net/ipv6/udp.c | 2 +-
net/l2tp/l2tp_ip6.c | 2 +-
net/netfilter/nf_synproxy_core.c | 2 +-
net/xfrm/xfrm_state.c | 6 +++--
security/security.c | 17 +++++++-------
security/selinux/hooks.c | 4 ++--
security/selinux/include/xfrm.h | 2 +-
security/selinux/xfrm.c | 13 ++++++-----
33 files changed, 85 insertions(+), 66 deletions(-)
diff --git a/drivers/net/ethernet/chelsio/inline_crypto/chtls/chtls_cm.c b/drivers/net/ethernet/chelsio/inline_crypto/chtls/chtls_cm.c
index d6b6ebb3f1ec..51e071c20e39 100644
--- a/drivers/net/ethernet/chelsio/inline_crypto/chtls/chtls_cm.c
+++ b/drivers/net/ethernet/chelsio/inline_crypto/chtls/chtls_cm.c
@@ -1150,7 +1150,7 @@ static struct sock *chtls_recv_sock(struct sock *lsk,
fl6.daddr = ip6h->saddr;
fl6.fl6_dport = inet_rsk(oreq)->ir_rmt_port;
fl6.fl6_sport = htons(inet_rsk(oreq)->ir_num);
- security_req_classify_flow(oreq, flowi6_to_flowi(&fl6));
+ security_req_classify_flow(oreq, flowi6_to_flowi_common(&fl6));
dst = ip6_dst_lookup_flow(sock_net(lsk), lsk, &fl6, NULL);
if (IS_ERR(dst))
goto free_sk;
diff --git a/drivers/net/wireguard/socket.c b/drivers/net/wireguard/socket.c
index 473221aa2236..eef5911fa210 100644
--- a/drivers/net/wireguard/socket.c
+++ b/drivers/net/wireguard/socket.c
@@ -49,7 +49,7 @@ static int send4(struct wg_device *wg, struct sk_buff *skb,
rt = dst_cache_get_ip4(cache, &fl.saddr);
if (!rt) {
- security_sk_classify_flow(sock, flowi4_to_flowi(&fl));
+ security_sk_classify_flow(sock, flowi4_to_flowi_common(&fl));
if (unlikely(!inet_confirm_addr(sock_net(sock), NULL, 0,
fl.saddr, RT_SCOPE_HOST))) {
endpoint->src4.s_addr = 0;
@@ -129,7 +129,7 @@ static int send6(struct wg_device *wg, struct sk_buff *skb,
dst = dst_cache_get_ip6(cache, &fl.saddr);
if (!dst) {
- security_sk_classify_flow(sock, flowi6_to_flowi(&fl));
+ security_sk_classify_flow(sock, flowi6_to_flowi_common(&fl));
if (unlikely(!ipv6_addr_any(&fl.saddr) &&
!ipv6_chk_addr(sock_net(sock), &fl.saddr, NULL, 0))) {
endpoint->src6 = fl.saddr = in6addr_any;
diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
index a6a3d4ddfc2d..d13631a5e908 100644
--- a/include/linux/lsm_hook_defs.h
+++ b/include/linux/lsm_hook_defs.h
@@ -311,7 +311,7 @@ LSM_HOOK(int, 0, secmark_relabel_packet, u32 secid)
LSM_HOOK(void, LSM_RET_VOID, secmark_refcount_inc, void)
LSM_HOOK(void, LSM_RET_VOID, secmark_refcount_dec, void)
LSM_HOOK(void, LSM_RET_VOID, req_classify_flow, const struct request_sock *req,
- struct flowi *fl)
+ struct flowi_common *flic)
LSM_HOOK(int, 0, tun_dev_alloc_security, void **security)
LSM_HOOK(void, LSM_RET_VOID, tun_dev_free_security, void *security)
LSM_HOOK(int, 0, tun_dev_create, void)
@@ -351,7 +351,7 @@ LSM_HOOK(int, 0, xfrm_state_delete_security, struct xfrm_state *x)
LSM_HOOK(int, 0, xfrm_policy_lookup, struct xfrm_sec_ctx *ctx, u32 fl_secid,
u8 dir)
LSM_HOOK(int, 1, xfrm_state_pol_flow_match, struct xfrm_state *x,
- struct xfrm_policy *xp, const struct flowi *fl)
+ struct xfrm_policy *xp, const struct flowi_common *flic)
LSM_HOOK(int, 0, xfrm_decode_session, struct sk_buff *skb, u32 *secid,
int ckall)
#endif /* CONFIG_SECURITY_NETWORK_XFRM */
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index a8531b37e6f5..64cdf4d7bfb3 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -1105,7 +1105,7 @@
* @xfrm_state_pol_flow_match:
* @x contains the state to match.
* @xp contains the policy to check for a match.
- * @fl contains the flow to check for a match.
+ * @flic contains the flowi_common struct to check for a match.
* Return 1 if there is a match.
* @xfrm_decode_session:
* @skb points to skb to decode.
diff --git a/include/linux/security.h b/include/linux/security.h
index 330029ef7e89..e9b4b5410614 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -170,7 +170,7 @@ struct sk_buff;
struct sock;
struct sockaddr;
struct socket;
-struct flowi;
+struct flowi_common;
struct dst_entry;
struct xfrm_selector;
struct xfrm_policy;
@@ -1363,8 +1363,9 @@ int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u
int security_sk_alloc(struct sock *sk, int family, gfp_t priority);
void security_sk_free(struct sock *sk);
void security_sk_clone(const struct sock *sk, struct sock *newsk);
-void security_sk_classify_flow(struct sock *sk, struct flowi *fl);
-void security_req_classify_flow(const struct request_sock *req, struct flowi *fl);
+void security_sk_classify_flow(struct sock *sk, struct flowi_common *flic);
+void security_req_classify_flow(const struct request_sock *req,
+ struct flowi_common *flic);
void security_sock_graft(struct sock*sk, struct socket *parent);
int security_inet_conn_request(struct sock *sk,
struct sk_buff *skb, struct request_sock *req);
@@ -1515,11 +1516,13 @@ static inline void security_sk_clone(const struct sock *sk, struct sock *newsk)
{
}
-static inline void security_sk_classify_flow(struct sock *sk, struct flowi *fl)
+static inline void security_sk_classify_flow(struct sock *sk,
+ struct flowi_common *flic)
{
}
-static inline void security_req_classify_flow(const struct request_sock *req, struct flowi *fl)
+static inline void security_req_classify_flow(const struct request_sock *req,
+ struct flowi_common *flic)
{
}
@@ -1646,9 +1649,9 @@ void security_xfrm_state_free(struct xfrm_state *x);
int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir);
int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
struct xfrm_policy *xp,
- const struct flowi *fl);
+ const struct flowi_common *flic);
int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid);
-void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl);
+void security_skb_classify_flow(struct sk_buff *skb, struct flowi_common *flic);
#else /* CONFIG_SECURITY_NETWORK_XFRM */
@@ -1700,7 +1703,8 @@ static inline int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_s
}
static inline int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
- struct xfrm_policy *xp, const struct flowi *fl)
+ struct xfrm_policy *xp,
+ const struct flowi_common *flic)
{
return 1;
}
@@ -1710,7 +1714,8 @@ static inline int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid)
return 0;
}
-static inline void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl)
+static inline void security_skb_classify_flow(struct sk_buff *skb,
+ struct flowi_common *flic)
{
}
diff --git a/include/net/flow.h b/include/net/flow.h
index b2531df3f65f..39d0cedcddee 100644
--- a/include/net/flow.h
+++ b/include/net/flow.h
@@ -195,11 +195,21 @@ static inline struct flowi *flowi4_to_flowi(struct flowi4 *fl4)
return container_of(fl4, struct flowi, u.ip4);
}
+static inline struct flowi_common *flowi4_to_flowi_common(struct flowi4 *fl4)
+{
+ return &(flowi4_to_flowi(fl4)->u.__fl_common);
+}
+
static inline struct flowi *flowi6_to_flowi(struct flowi6 *fl6)
{
return container_of(fl6, struct flowi, u.ip6);
}
+static inline struct flowi_common *flowi6_to_flowi_common(struct flowi6 *fl6)
+{
+ return &(flowi6_to_flowi(fl6)->u.__fl_common);
+}
+
static inline struct flowi *flowidn_to_flowi(struct flowidn *fldn)
{
return container_of(fldn, struct flowi, u.dn);
diff --git a/include/net/route.h b/include/net/route.h
index a07c277cd33e..2551f3f03b37 100644
--- a/include/net/route.h
+++ b/include/net/route.h
@@ -165,7 +165,7 @@ static inline struct rtable *ip_route_output_ports(struct net *net, struct flowi
sk ? inet_sk_flowi_flags(sk) : 0,
daddr, saddr, dport, sport, sock_net_uid(net, sk));
if (sk)
- security_sk_classify_flow(sk, flowi4_to_flowi(fl4));
+ security_sk_classify_flow(sk, flowi4_to_flowi_common(fl4));
return ip_route_output_flow(net, fl4, sk);
}
@@ -322,7 +322,7 @@ static inline struct rtable *ip_route_connect(struct flowi4 *fl4,
ip_rt_put(rt);
flowi4_update_output(fl4, oif, tos, fl4->daddr, fl4->saddr);
}
- security_sk_classify_flow(sk, flowi4_to_flowi(fl4));
+ security_sk_classify_flow(sk, flowi4_to_flowi_common(fl4));
return ip_route_output_flow(net, fl4, sk);
}
@@ -338,7 +338,7 @@ static inline struct rtable *ip_route_newports(struct flowi4 *fl4, struct rtable
flowi4_update_output(fl4, sk->sk_bound_dev_if,
RT_CONN_FLAGS(sk), fl4->daddr,
fl4->saddr);
- security_sk_classify_flow(sk, flowi4_to_flowi(fl4));
+ security_sk_classify_flow(sk, flowi4_to_flowi_common(fl4));
return ip_route_output_flow(sock_net(sk), fl4, sk);
}
return rt;
diff --git a/net/dccp/ipv4.c b/net/dccp/ipv4.c
index b0b6e6a4784e..2455b0c0e486 100644
--- a/net/dccp/ipv4.c
+++ b/net/dccp/ipv4.c
@@ -464,7 +464,7 @@ static struct dst_entry* dccp_v4_route_skb(struct net *net, struct sock *sk,
.fl4_dport = dccp_hdr(skb)->dccph_sport,
};
- security_skb_classify_flow(skb, flowi4_to_flowi(&fl4));
+ security_skb_classify_flow(skb, flowi4_to_flowi_common(&fl4));
rt = ip_route_output_flow(net, &fl4, sk);
if (IS_ERR(rt)) {
IP_INC_STATS(net, IPSTATS_MIB_OUTNOROUTES);
diff --git a/net/dccp/ipv6.c b/net/dccp/ipv6.c
index 49f4034bf126..2be5c69824f9 100644
--- a/net/dccp/ipv6.c
+++ b/net/dccp/ipv6.c
@@ -203,7 +203,7 @@ static int dccp_v6_send_response(const struct sock *sk, struct request_sock *req
fl6.flowi6_oif = ireq->ir_iif;
fl6.fl6_dport = ireq->ir_rmt_port;
fl6.fl6_sport = htons(ireq->ir_num);
- security_req_classify_flow(req, flowi6_to_flowi(&fl6));
+ security_req_classify_flow(req, flowi6_to_flowi_common(&fl6));
rcu_read_lock();
@@ -279,7 +279,7 @@ static void dccp_v6_ctl_send_reset(const struct sock *sk, struct sk_buff *rxskb)
fl6.flowi6_oif = inet6_iif(rxskb);
fl6.fl6_dport = dccp_hdr(skb)->dccph_dport;
fl6.fl6_sport = dccp_hdr(skb)->dccph_sport;
- security_skb_classify_flow(rxskb, flowi6_to_flowi(&fl6));
+ security_skb_classify_flow(rxskb, flowi6_to_flowi_common(&fl6));
/* sk = NULL, but it is safe for now. RST socket required. */
dst = ip6_dst_lookup_flow(sock_net(ctl_sk), ctl_sk, &fl6, NULL);
@@ -912,7 +912,7 @@ static int dccp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
fl6.flowi6_oif = sk->sk_bound_dev_if;
fl6.fl6_dport = usin->sin6_port;
fl6.fl6_sport = inet->inet_sport;
- security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));
+ security_sk_classify_flow(sk, flowi6_to_flowi_common(&fl6));
opt = rcu_dereference_protected(np->opt, lockdep_sock_is_held(sk));
final_p = fl6_update_dst(&fl6, opt, &final);
diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c
index b71b836cc7d1..cd65d3146c30 100644
--- a/net/ipv4/icmp.c
+++ b/net/ipv4/icmp.c
@@ -447,7 +447,7 @@ static void icmp_reply(struct icmp_bxm *icmp_param, struct sk_buff *skb)
fl4.flowi4_tos = RT_TOS(ip_hdr(skb)->tos);
fl4.flowi4_proto = IPPROTO_ICMP;
fl4.flowi4_oif = l3mdev_master_ifindex(skb->dev);
- security_skb_classify_flow(skb, flowi4_to_flowi(&fl4));
+ security_skb_classify_flow(skb, flowi4_to_flowi_common(&fl4));
rt = ip_route_output_key(net, &fl4);
if (IS_ERR(rt))
goto out_unlock;
@@ -503,7 +503,7 @@ static struct rtable *icmp_route_lookup(struct net *net,
route_lookup_dev = icmp_get_route_lookup_dev(skb_in);
fl4->flowi4_oif = l3mdev_master_ifindex(route_lookup_dev);
- security_skb_classify_flow(skb_in, flowi4_to_flowi(fl4));
+ security_skb_classify_flow(skb_in, flowi4_to_flowi_common(fl4));
rt = ip_route_output_key_hash(net, fl4, skb_in);
if (IS_ERR(rt))
return rt;
diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c
index addd595bb3fe..7785a4775e58 100644
--- a/net/ipv4/inet_connection_sock.c
+++ b/net/ipv4/inet_connection_sock.c
@@ -602,7 +602,7 @@ struct dst_entry *inet_csk_route_req(const struct sock *sk,
(opt && opt->opt.srr) ? opt->opt.faddr : ireq->ir_rmt_addr,
ireq->ir_loc_addr, ireq->ir_rmt_port,
htons(ireq->ir_num), sk->sk_uid);
- security_req_classify_flow(req, flowi4_to_flowi(fl4));
+ security_req_classify_flow(req, flowi4_to_flowi_common(fl4));
rt = ip_route_output_flow(net, fl4, sk);
if (IS_ERR(rt))
goto no_route;
@@ -640,7 +640,7 @@ struct dst_entry *inet_csk_route_child_sock(const struct sock *sk,
(opt && opt->opt.srr) ? opt->opt.faddr : ireq->ir_rmt_addr,
ireq->ir_loc_addr, ireq->ir_rmt_port,
htons(ireq->ir_num), sk->sk_uid);
- security_req_classify_flow(req, flowi4_to_flowi(fl4));
+ security_req_classify_flow(req, flowi4_to_flowi_common(fl4));
rt = ip_route_output_flow(net, fl4, sk);
if (IS_ERR(rt))
goto no_route;
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index 5e48b3d3a00d..f77b0af3cb65 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -1712,7 +1712,7 @@ void ip_send_unicast_reply(struct sock *sk, struct sk_buff *skb,
daddr, saddr,
tcp_hdr(skb)->source, tcp_hdr(skb)->dest,
arg->uid);
- security_skb_classify_flow(skb, flowi4_to_flowi(&fl4));
+ security_skb_classify_flow(skb, flowi4_to_flowi_common(&fl4));
rt = ip_route_output_key(net, &fl4);
if (IS_ERR(rt))
return;
diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c
index 2853a3f0fc63..1bad851b3fc3 100644
--- a/net/ipv4/ping.c
+++ b/net/ipv4/ping.c
@@ -796,7 +796,7 @@ static int ping_v4_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
fl4.fl4_icmp_type = user_icmph.type;
fl4.fl4_icmp_code = user_icmph.code;
- security_sk_classify_flow(sk, flowi4_to_flowi(&fl4));
+ security_sk_classify_flow(sk, flowi4_to_flowi_common(&fl4));
rt = ip_route_output_flow(net, &fl4, sk);
if (IS_ERR(rt)) {
err = PTR_ERR(rt);
diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c
index 5d95f80314f9..4899ebe569eb 100644
--- a/net/ipv4/raw.c
+++ b/net/ipv4/raw.c
@@ -640,7 +640,7 @@ static int raw_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
goto done;
}
- security_sk_classify_flow(sk, flowi4_to_flowi(&fl4));
+ security_sk_classify_flow(sk, flowi4_to_flowi_common(&fl4));
rt = ip_route_output_flow(net, &fl4, sk);
if (IS_ERR(rt)) {
err = PTR_ERR(rt);
diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c
index 0b616094e794..10b469aee492 100644
--- a/net/ipv4/syncookies.c
+++ b/net/ipv4/syncookies.c
@@ -424,7 +424,7 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb)
inet_sk_flowi_flags(sk),
opt->srr ? opt->faddr : ireq->ir_rmt_addr,
ireq->ir_loc_addr, th->source, th->dest, sk->sk_uid);
- security_req_classify_flow(req, flowi4_to_flowi(&fl4));
+ security_req_classify_flow(req, flowi4_to_flowi_common(&fl4));
rt = ip_route_output_key(sock_net(sk), &fl4);
if (IS_ERR(rt)) {
reqsk_free(req);
diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
index e97a2dd206e1..6056d5609167 100644
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -1204,7 +1204,7 @@ int udp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
faddr, saddr, dport, inet->inet_sport,
sk->sk_uid);
- security_sk_classify_flow(sk, flowi4_to_flowi(fl4));
+ security_sk_classify_flow(sk, flowi4_to_flowi_common(fl4));
rt = ip_route_output_flow(net, fl4, sk);
if (IS_ERR(rt)) {
err = PTR_ERR(rt);
diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
index 090575346daf..890a9cfc6ce2 100644
--- a/net/ipv6/af_inet6.c
+++ b/net/ipv6/af_inet6.c
@@ -819,7 +819,7 @@ int inet6_sk_rebuild_header(struct sock *sk)
fl6.fl6_dport = inet->inet_dport;
fl6.fl6_sport = inet->inet_sport;
fl6.flowi6_uid = sk->sk_uid;
- security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));
+ security_sk_classify_flow(sk, flowi6_to_flowi_common(&fl6));
rcu_read_lock();
final_p = fl6_update_dst(&fl6, rcu_dereference(np->opt),
diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c
index cc8ad7ddecda..206f66310a88 100644
--- a/net/ipv6/datagram.c
+++ b/net/ipv6/datagram.c
@@ -60,7 +60,7 @@ static void ip6_datagram_flow_key_init(struct flowi6 *fl6, struct sock *sk)
if (!fl6->flowi6_oif && ipv6_addr_is_multicast(&fl6->daddr))
fl6->flowi6_oif = np->mcast_oif;
- security_sk_classify_flow(sk, flowi6_to_flowi(fl6));
+ security_sk_classify_flow(sk, flowi6_to_flowi_common(fl6));
}
int ip6_datagram_dst_update(struct sock *sk, bool fix_sk_saddr)
diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c
index cbab41d557b2..fd1f896115c1 100644
--- a/net/ipv6/icmp.c
+++ b/net/ipv6/icmp.c
@@ -573,7 +573,7 @@ void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info,
fl6.fl6_icmp_code = code;
fl6.flowi6_uid = sock_net_uid(net, NULL);
fl6.mp_hash = rt6_multipath_hash(net, &fl6, skb, NULL);
- security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
+ security_skb_classify_flow(skb, flowi6_to_flowi_common(&fl6));
np = inet6_sk(sk);
@@ -755,7 +755,7 @@ static void icmpv6_echo_reply(struct sk_buff *skb)
fl6.fl6_icmp_type = ICMPV6_ECHO_REPLY;
fl6.flowi6_mark = mark;
fl6.flowi6_uid = sock_net_uid(net, NULL);
- security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
+ security_skb_classify_flow(skb, flowi6_to_flowi_common(&fl6));
local_bh_disable();
sk = icmpv6_xmit_lock(net);
@@ -1008,7 +1008,7 @@ void icmpv6_flow_init(struct sock *sk, struct flowi6 *fl6,
fl6->fl6_icmp_type = type;
fl6->fl6_icmp_code = 0;
fl6->flowi6_oif = oif;
- security_sk_classify_flow(sk, flowi6_to_flowi(fl6));
+ security_sk_classify_flow(sk, flowi6_to_flowi_common(fl6));
}
static void __net_exit icmpv6_sk_exit(struct net *net)
diff --git a/net/ipv6/inet6_connection_sock.c b/net/ipv6/inet6_connection_sock.c
index e315526fa244..5a9f4d722f35 100644
--- a/net/ipv6/inet6_connection_sock.c
+++ b/net/ipv6/inet6_connection_sock.c
@@ -46,7 +46,7 @@ struct dst_entry *inet6_csk_route_req(const struct sock *sk,
fl6->fl6_dport = ireq->ir_rmt_port;
fl6->fl6_sport = htons(ireq->ir_num);
fl6->flowi6_uid = sk->sk_uid;
- security_req_classify_flow(req, flowi6_to_flowi(fl6));
+ security_req_classify_flow(req, flowi6_to_flowi_common(fl6));
dst = ip6_dst_lookup_flow(sock_net(sk), sk, fl6, final_p);
if (IS_ERR(dst))
@@ -95,7 +95,7 @@ static struct dst_entry *inet6_csk_route_socket(struct sock *sk,
fl6->fl6_sport = inet->inet_sport;
fl6->fl6_dport = inet->inet_dport;
fl6->flowi6_uid = sk->sk_uid;
- security_sk_classify_flow(sk, flowi6_to_flowi(fl6));
+ security_sk_classify_flow(sk, flowi6_to_flowi_common(fl6));
rcu_read_lock();
final_p = fl6_update_dst(fl6, rcu_dereference(np->opt), &final);
diff --git a/net/ipv6/netfilter/nf_reject_ipv6.c b/net/ipv6/netfilter/nf_reject_ipv6.c
index 4aef6baaa55e..bf95513736c9 100644
--- a/net/ipv6/netfilter/nf_reject_ipv6.c
+++ b/net/ipv6/netfilter/nf_reject_ipv6.c
@@ -179,7 +179,7 @@ void nf_send_reset6(struct net *net, struct sk_buff *oldskb, int hook)
fl6.flowi6_oif = l3mdev_master_ifindex(skb_dst(oldskb)->dev);
fl6.flowi6_mark = IP6_REPLY_MARK(net, oldskb->mark);
- security_skb_classify_flow(oldskb, flowi6_to_flowi(&fl6));
+ security_skb_classify_flow(oldskb, flowi6_to_flowi_common(&fl6));
dst = ip6_route_output(net, NULL, &fl6);
if (dst->error) {
dst_release(dst);
diff --git a/net/ipv6/ping.c b/net/ipv6/ping.c
index 6caa062f68e7..6ac88fe24a8e 100644
--- a/net/ipv6/ping.c
+++ b/net/ipv6/ping.c
@@ -111,7 +111,7 @@ static int ping_v6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
fl6.flowi6_uid = sk->sk_uid;
fl6.fl6_icmp_type = user_icmph.icmp6_type;
fl6.fl6_icmp_code = user_icmph.icmp6_code;
- security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));
+ security_sk_classify_flow(sk, flowi6_to_flowi_common(&fl6));
ipcm6_init_sk(&ipc6, np);
ipc6.sockc.mark = sk->sk_mark;
diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c
index 38349054e361..31eb54e92b3f 100644
--- a/net/ipv6/raw.c
+++ b/net/ipv6/raw.c
@@ -915,7 +915,7 @@ static int rawv6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
fl6.flowi6_oif = np->mcast_oif;
else if (!fl6.flowi6_oif)
fl6.flowi6_oif = np->ucast_oif;
- security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));
+ security_sk_classify_flow(sk, flowi6_to_flowi_common(&fl6));
if (hdrincl)
fl6.flowi6_flags |= FLOWI_FLAG_KNOWN_NH;
diff --git a/net/ipv6/syncookies.c b/net/ipv6/syncookies.c
index 5fa791cf39ca..ca92dd6981de 100644
--- a/net/ipv6/syncookies.c
+++ b/net/ipv6/syncookies.c
@@ -234,7 +234,7 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb)
fl6.fl6_dport = ireq->ir_rmt_port;
fl6.fl6_sport = inet_sk(sk)->inet_sport;
fl6.flowi6_uid = sk->sk_uid;
- security_req_classify_flow(req, flowi6_to_flowi(&fl6));
+ security_req_classify_flow(req, flowi6_to_flowi_common(&fl6));
dst = ip6_dst_lookup_flow(sock_net(sk), sk, &fl6, final_p);
if (IS_ERR(dst))
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index df33145b876c..303b54414a6c 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -278,7 +278,7 @@ static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
opt = rcu_dereference_protected(np->opt, lockdep_sock_is_held(sk));
final_p = fl6_update_dst(&fl6, opt, &final);
- security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));
+ security_sk_classify_flow(sk, flowi6_to_flowi_common(&fl6));
dst = ip6_dst_lookup_flow(sock_net(sk), sk, &fl6, final_p);
if (IS_ERR(dst)) {
@@ -975,7 +975,7 @@ static void tcp_v6_send_response(const struct sock *sk, struct sk_buff *skb, u32
fl6.fl6_dport = t1->dest;
fl6.fl6_sport = t1->source;
fl6.flowi6_uid = sock_net_uid(net, sk && sk_fullsock(sk) ? sk : NULL);
- security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
+ security_skb_classify_flow(skb, flowi6_to_flowi_common(&fl6));
/* Pass a socket to ip6_dst_lookup either it is for RST
* Underlying function will use this to retrieve the network
diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
index 10760164a80f..7745d8a40209 100644
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -1497,7 +1497,7 @@ int udpv6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
} else if (!fl6.flowi6_oif)
fl6.flowi6_oif = np->ucast_oif;
- security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));
+ security_sk_classify_flow(sk, flowi6_to_flowi_common(&fl6));
if (ipc6.tclass < 0)
ipc6.tclass = np->tclass;
diff --git a/net/l2tp/l2tp_ip6.c b/net/l2tp/l2tp_ip6.c
index e5e5036257b0..96f975777438 100644
--- a/net/l2tp/l2tp_ip6.c
+++ b/net/l2tp/l2tp_ip6.c
@@ -606,7 +606,7 @@ static int l2tp_ip6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
else if (!fl6.flowi6_oif)
fl6.flowi6_oif = np->ucast_oif;
- security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));
+ security_sk_classify_flow(sk, flowi6_to_flowi_common(&fl6));
if (ipc6.tclass < 0)
ipc6.tclass = np->tclass;
diff --git a/net/netfilter/nf_synproxy_core.c b/net/netfilter/nf_synproxy_core.c
index 2fc4ae960769..3d6d49420db8 100644
--- a/net/netfilter/nf_synproxy_core.c
+++ b/net/netfilter/nf_synproxy_core.c
@@ -854,7 +854,7 @@ synproxy_send_tcp_ipv6(struct net *net,
fl6.fl6_sport = nth->source;
fl6.fl6_dport = nth->dest;
security_skb_classify_flow((struct sk_buff *)skb,
- flowi6_to_flowi(&fl6));
+ flowi6_to_flowi_common(&fl6));
err = nf_ip6_route(net, &dst, flowi6_to_flowi(&fl6), false);
if (err) {
goto free_nskb;
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 1befc6db723b..717db5ecd0bd 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -1020,7 +1020,8 @@ static void xfrm_state_look_at(struct xfrm_policy *pol, struct xfrm_state *x,
if ((x->sel.family &&
(x->sel.family != family ||
!xfrm_selector_match(&x->sel, fl, family))) ||
- !security_xfrm_state_pol_flow_match(x, pol, fl))
+ !security_xfrm_state_pol_flow_match(x, pol,
+ &fl->u.__fl_common))
return;
if (!*best ||
@@ -1035,7 +1036,8 @@ static void xfrm_state_look_at(struct xfrm_policy *pol, struct xfrm_state *x,
if ((!x->sel.family ||
(x->sel.family == family &&
xfrm_selector_match(&x->sel, fl, family))) &&
- security_xfrm_state_pol_flow_match(x, pol, fl))
+ security_xfrm_state_pol_flow_match(x, pol,
+ &fl->u.__fl_common))
*error = -ESRCH;
}
}
diff --git a/security/security.c b/security/security.c
index 360706cdabab..8ea826ea6167 100644
--- a/security/security.c
+++ b/security/security.c
@@ -2223,15 +2223,16 @@ void security_sk_clone(const struct sock *sk, struct sock *newsk)
}
EXPORT_SYMBOL(security_sk_clone);
-void security_sk_classify_flow(struct sock *sk, struct flowi *fl)
+void security_sk_classify_flow(struct sock *sk, struct flowi_common *flic)
{
- call_void_hook(sk_getsecid, sk, &fl->flowi_secid);
+ call_void_hook(sk_getsecid, sk, &flic->flowic_secid);
}
EXPORT_SYMBOL(security_sk_classify_flow);
-void security_req_classify_flow(const struct request_sock *req, struct flowi *fl)
+void security_req_classify_flow(const struct request_sock *req,
+ struct flowi_common *flic)
{
- call_void_hook(req_classify_flow, req, fl);
+ call_void_hook(req_classify_flow, req, flic);
}
EXPORT_SYMBOL(security_req_classify_flow);
@@ -2423,7 +2424,7 @@ int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir)
int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
struct xfrm_policy *xp,
- const struct flowi *fl)
+ const struct flowi_common *flic)
{
struct security_hook_list *hp;
int rc = LSM_RET_DEFAULT(xfrm_state_pol_flow_match);
@@ -2439,7 +2440,7 @@ int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
*/
hlist_for_each_entry(hp, &security_hook_heads.xfrm_state_pol_flow_match,
list) {
- rc = hp->hook.xfrm_state_pol_flow_match(x, xp, fl);
+ rc = hp->hook.xfrm_state_pol_flow_match(x, xp, flic);
break;
}
return rc;
@@ -2450,9 +2451,9 @@ int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid)
return call_int_hook(xfrm_decode_session, 0, skb, secid, 1);
}
-void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl)
+void security_skb_classify_flow(struct sk_buff *skb, struct flowi_common *flic)
{
- int rc = call_int_hook(xfrm_decode_session, 0, skb, &fl->flowi_secid,
+ int rc = call_int_hook(xfrm_decode_session, 0, skb, &flic->flowic_secid,
0);
BUG_ON(rc);
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 8c901ae05dd8..ee37ce2e2619 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -5448,9 +5448,9 @@ static void selinux_secmark_refcount_dec(void)
}
static void selinux_req_classify_flow(const struct request_sock *req,
- struct flowi *fl)
+ struct flowi_common *flic)
{
- fl->flowi_secid = req->secid;
+ flic->flowic_secid = req->secid;
}
static int selinux_tun_dev_alloc_security(void **security)
diff --git a/security/selinux/include/xfrm.h b/security/selinux/include/xfrm.h
index a0b465316292..0a6f34a7a971 100644
--- a/security/selinux/include/xfrm.h
+++ b/security/selinux/include/xfrm.h
@@ -26,7 +26,7 @@ int selinux_xfrm_state_delete(struct xfrm_state *x);
int selinux_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir);
int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x,
struct xfrm_policy *xp,
- const struct flowi *fl);
+ const struct flowi_common *flic);
#ifdef CONFIG_SECURITY_NETWORK_XFRM
extern atomic_t selinux_xfrm_refcount;
diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c
index 00e95f8bd7c7..114245b6f7c7 100644
--- a/security/selinux/xfrm.c
+++ b/security/selinux/xfrm.c
@@ -175,9 +175,10 @@ int selinux_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir)
*/
int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x,
struct xfrm_policy *xp,
- const struct flowi *fl)
+ const struct flowi_common *flic)
{
u32 state_sid;
+ u32 flic_sid;
if (!xp->security)
if (x->security)
@@ -196,17 +197,17 @@ int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x,
return 0;
state_sid = x->security->ctx_sid;
+ flic_sid = flic->flowic_secid;
- if (fl->flowi_secid != state_sid)
+ if (flic_sid != state_sid)
return 0;
/* We don't need a separate SA Vs. policy polmatch check since the SA
* is now of the same label as the flow and a flow Vs. policy polmatch
* check had already happened in selinux_xfrm_policy_lookup() above. */
- return (avc_has_perm(&selinux_state,
- fl->flowi_secid, state_sid,
- SECCLASS_ASSOCIATION, ASSOCIATION__SENDTO,
- NULL) ? 0 : 1);
+ return (avc_has_perm(&selinux_state, flic_sid, state_sid,
+ SECCLASS_ASSOCIATION, ASSOCIATION__SENDTO,
+ NULL) ? 0 : 1);
}
static u32 selinux_xfrm_skb_sid_egress(struct sk_buff *skb)
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 225/452] sctp: read sk->sk_bound_dev_if once in sctp_rcv()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (223 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 224/452] lsm,selinux: pass flowi_common instead of flowi to the LSM hooks Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 226/452] net: hinic: add missing destroy_workqueue in hinic_pf_to_mgmt_init Greg Kroah-Hartman
` (232 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Dumazet, Neil Horman,
Vlad Yasevich, Marcelo Ricardo Leitner, David S. Miller,
Sasha Levin
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit a20ea298071f46effa3aaf965bf9bb34c901db3f ]
sctp_rcv() reads sk->sk_bound_dev_if twice while the socket
is not locked. Another cpu could change this field under us.
Fixes: 0fd9a65a76e8 ("[SCTP] Support SO_BINDTODEVICE socket option on incoming packets.")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Neil Horman <nhorman@tuxdriver.com>
Cc: Vlad Yasevich <vyasevich@gmail.com>
Cc: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sctp/input.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/net/sctp/input.c b/net/sctp/input.c
index 34494a0b28bd..8f3aab6a4458 100644
--- a/net/sctp/input.c
+++ b/net/sctp/input.c
@@ -92,6 +92,7 @@ int sctp_rcv(struct sk_buff *skb)
struct sctp_chunk *chunk;
union sctp_addr src;
union sctp_addr dest;
+ int bound_dev_if;
int family;
struct sctp_af *af;
struct net *net = dev_net(skb->dev);
@@ -169,7 +170,8 @@ int sctp_rcv(struct sk_buff *skb)
* If a frame arrives on an interface and the receiving socket is
* bound to another interface, via SO_BINDTODEVICE, treat it as OOTB
*/
- if (sk->sk_bound_dev_if && (sk->sk_bound_dev_if != af->skb_iif(skb))) {
+ bound_dev_if = READ_ONCE(sk->sk_bound_dev_if);
+ if (bound_dev_if && (bound_dev_if != af->skb_iif(skb))) {
if (transport) {
sctp_transport_put(transport);
asoc = NULL;
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 226/452] net: hinic: add missing destroy_workqueue in hinic_pf_to_mgmt_init
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (224 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 225/452] sctp: read sk->sk_bound_dev_if once in sctp_rcv() Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 227/452] ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_* Greg Kroah-Hartman
` (231 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zheng Bin, David S. Miller, Sasha Levin
From: Zheng Bin <zhengbin13@huawei.com>
[ Upstream commit 382d917bfc1e92339dae3c8a636b2730e8bb5132 ]
hinic_pf_to_mgmt_init misses destroy_workqueue in error path,
this patch fixes that.
Fixes: 6dbb89014dc3 ("hinic: fix sending mailbox timeout in aeq event work")
Signed-off-by: Zheng Bin <zhengbin13@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/huawei/hinic/hinic_hw_mgmt.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/net/ethernet/huawei/hinic/hinic_hw_mgmt.c b/drivers/net/ethernet/huawei/hinic/hinic_hw_mgmt.c
index 819fa13034c0..027dcc453506 100644
--- a/drivers/net/ethernet/huawei/hinic/hinic_hw_mgmt.c
+++ b/drivers/net/ethernet/huawei/hinic/hinic_hw_mgmt.c
@@ -647,6 +647,7 @@ int hinic_pf_to_mgmt_init(struct hinic_pf_to_mgmt *pf_to_mgmt,
err = alloc_msg_buf(pf_to_mgmt);
if (err) {
dev_err(&pdev->dev, "Failed to allocate msg buffers\n");
+ destroy_workqueue(pf_to_mgmt->workq);
hinic_health_reporters_destroy(hwdev->devlink_dev);
return err;
}
@@ -654,6 +655,7 @@ int hinic_pf_to_mgmt_init(struct hinic_pf_to_mgmt *pf_to_mgmt,
err = hinic_api_cmd_init(pf_to_mgmt->cmd_chain, hwif);
if (err) {
dev_err(&pdev->dev, "Failed to initialize cmd chains\n");
+ destroy_workqueue(pf_to_mgmt->workq);
hinic_health_reporters_destroy(hwdev->devlink_dev);
return err;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 227/452] ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_*
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (225 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 226/452] net: hinic: add missing destroy_workqueue in hinic_pf_to_mgmt_init Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 228/452] media: ov7670: remove ov7670_power_off from ov7670_remove Greg Kroah-Hartman
` (230 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Mark Brown, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit a34840c4eb3278a7c29c9c57a65ce7541c66f9f2 ]
of_parse_phandle() returns a node pointer with refcount
incremented, we should use of_node_put() on it when not needed anymore.
Add missing of_node_put() to avoid refcount leak.
Fixes: 6748d0559059 ("ASoC: ti: Add custom machine driver for j721e EVM (CPB and IVI)")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Link: https://lore.kernel.org/r/20220512111331.44774-1-linmq006@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/ti/j721e-evm.c | 44 ++++++++++++++++++++++++++++++----------
1 file changed, 33 insertions(+), 11 deletions(-)
diff --git a/sound/soc/ti/j721e-evm.c b/sound/soc/ti/j721e-evm.c
index 265bbc5a2f96..756cd9694cbe 100644
--- a/sound/soc/ti/j721e-evm.c
+++ b/sound/soc/ti/j721e-evm.c
@@ -631,17 +631,18 @@ static int j721e_soc_probe_cpb(struct j721e_priv *priv, int *link_idx,
codec_node = of_parse_phandle(node, "ti,cpb-codec", 0);
if (!codec_node) {
dev_err(priv->dev, "CPB codec node is not provided\n");
- return -EINVAL;
+ ret = -EINVAL;
+ goto put_dai_node;
}
domain = &priv->audio_domains[J721E_AUDIO_DOMAIN_CPB];
ret = j721e_get_clocks(priv->dev, &domain->codec, "cpb-codec-scki");
if (ret)
- return ret;
+ goto put_codec_node;
ret = j721e_get_clocks(priv->dev, &domain->mcasp, "cpb-mcasp-auxclk");
if (ret)
- return ret;
+ goto put_codec_node;
/*
* Common Processor Board, two links
@@ -651,8 +652,10 @@ static int j721e_soc_probe_cpb(struct j721e_priv *priv, int *link_idx,
comp_count = 6;
compnent = devm_kzalloc(priv->dev, comp_count * sizeof(*compnent),
GFP_KERNEL);
- if (!compnent)
- return -ENOMEM;
+ if (!compnent) {
+ ret = -ENOMEM;
+ goto put_codec_node;
+ }
comp_idx = 0;
priv->dai_links[*link_idx].cpus = &compnent[comp_idx++];
@@ -703,6 +706,12 @@ static int j721e_soc_probe_cpb(struct j721e_priv *priv, int *link_idx,
(*conf_idx)++;
return 0;
+
+put_codec_node:
+ of_node_put(codec_node);
+put_dai_node:
+ of_node_put(dai_node);
+ return ret;
}
static int j721e_soc_probe_ivi(struct j721e_priv *priv, int *link_idx,
@@ -727,23 +736,25 @@ static int j721e_soc_probe_ivi(struct j721e_priv *priv, int *link_idx,
codeca_node = of_parse_phandle(node, "ti,ivi-codec-a", 0);
if (!codeca_node) {
dev_err(priv->dev, "IVI codec-a node is not provided\n");
- return -EINVAL;
+ ret = -EINVAL;
+ goto put_dai_node;
}
codecb_node = of_parse_phandle(node, "ti,ivi-codec-b", 0);
if (!codecb_node) {
dev_warn(priv->dev, "IVI codec-b node is not provided\n");
- return 0;
+ ret = 0;
+ goto put_codeca_node;
}
domain = &priv->audio_domains[J721E_AUDIO_DOMAIN_IVI];
ret = j721e_get_clocks(priv->dev, &domain->codec, "ivi-codec-scki");
if (ret)
- return ret;
+ goto put_codecb_node;
ret = j721e_get_clocks(priv->dev, &domain->mcasp, "ivi-mcasp-auxclk");
if (ret)
- return ret;
+ goto put_codecb_node;
/*
* IVI extension, two links
@@ -755,8 +766,10 @@ static int j721e_soc_probe_ivi(struct j721e_priv *priv, int *link_idx,
comp_count = 8;
compnent = devm_kzalloc(priv->dev, comp_count * sizeof(*compnent),
GFP_KERNEL);
- if (!compnent)
- return -ENOMEM;
+ if (!compnent) {
+ ret = -ENOMEM;
+ goto put_codecb_node;
+ }
comp_idx = 0;
priv->dai_links[*link_idx].cpus = &compnent[comp_idx++];
@@ -817,6 +830,15 @@ static int j721e_soc_probe_ivi(struct j721e_priv *priv, int *link_idx,
(*conf_idx)++;
return 0;
+
+
+put_codecb_node:
+ of_node_put(codecb_node);
+put_codeca_node:
+ of_node_put(codeca_node);
+put_dai_node:
+ of_node_put(dai_node);
+ return ret;
}
static int j721e_soc_probe(struct platform_device *pdev)
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 228/452] media: ov7670: remove ov7670_power_off from ov7670_remove
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (226 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 227/452] ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_* Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 229/452] media: staging: media: rkvdec: Make use of the helper function devm_platform_ioremap_resource() Greg Kroah-Hartman
` (229 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dongliang Mu, Sakari Ailus,
Mauro Carvalho Chehab, Sasha Levin
From: Dongliang Mu <mudongliangabcd@gmail.com>
[ Upstream commit 5bf19572e31375368f19edd2dbb2e0789518bb99 ]
In ov7670_probe, it always invokes ov7670_power_off() no matter
the execution is successful or failed. So we cannot invoke it
agiain in ov7670_remove().
Fix this by removing ov7670_power_off from ov7670_remove.
Fixes: 030f9f682e66 ("media: ov7670: control clock along with power")
Signed-off-by: Dongliang Mu <mudongliangabcd@gmail.com>
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/i2c/ov7670.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/media/i2c/ov7670.c b/drivers/media/i2c/ov7670.c
index b42b289faaef..154776d0069e 100644
--- a/drivers/media/i2c/ov7670.c
+++ b/drivers/media/i2c/ov7670.c
@@ -2000,7 +2000,6 @@ static int ov7670_remove(struct i2c_client *client)
v4l2_async_unregister_subdev(sd);
v4l2_ctrl_handler_free(&info->hdl);
media_entity_cleanup(&info->sd.entity);
- ov7670_power_off(sd);
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 229/452] media: staging: media: rkvdec: Make use of the helper function devm_platform_ioremap_resource()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (227 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 228/452] media: ov7670: remove ov7670_power_off from ov7670_remove Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 230/452] media: rkvdec: Stop overclocking the decoder Greg Kroah-Hartman
` (228 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Cai Huoqing, Hans Verkuil,
Mauro Carvalho Chehab, Sasha Levin
From: Cai Huoqing <caihuoqing@baidu.com>
[ Upstream commit 5a3683d60e56f4faa9552d3efafd87ef106dd393 ]
Use the devm_platform_ioremap_resource() helper instead of
calling platform_get_resource() and devm_ioremap_resource()
separately
Signed-off-by: Cai Huoqing <caihuoqing@baidu.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/media/rkvdec/rkvdec.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/staging/media/rkvdec/rkvdec.c b/drivers/staging/media/rkvdec/rkvdec.c
index a7788e7a9542..e384ea8d7280 100644
--- a/drivers/staging/media/rkvdec/rkvdec.c
+++ b/drivers/staging/media/rkvdec/rkvdec.c
@@ -1000,7 +1000,6 @@ static const char * const rkvdec_clk_names[] = {
static int rkvdec_probe(struct platform_device *pdev)
{
struct rkvdec_dev *rkvdec;
- struct resource *res;
unsigned int i;
int ret, irq;
@@ -1032,8 +1031,7 @@ static int rkvdec_probe(struct platform_device *pdev)
*/
clk_set_rate(rkvdec->clocks[0].clk, 500 * 1000 * 1000);
- res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
- rkvdec->regs = devm_ioremap_resource(&pdev->dev, res);
+ rkvdec->regs = devm_platform_ioremap_resource(pdev, 0);
if (IS_ERR(rkvdec->regs))
return PTR_ERR(rkvdec->regs);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 230/452] media: rkvdec: Stop overclocking the decoder
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (228 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 229/452] media: staging: media: rkvdec: Make use of the helper function devm_platform_ioremap_resource() Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 231/452] media: rkvdec: h264: Fix dpb_valid implementation Greg Kroah-Hartman
` (227 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nicolas Dufresne, Sebastian Fricke,
Ezequiel Garcia, Hans Verkuil, Mauro Carvalho Chehab,
Sasha Levin
From: Nicolas Dufresne <nicolas.dufresne@collabora.com>
[ Upstream commit 9998943f6dfc5d5472bfab2e38527fb6ba5e9da7 ]
While this overclock hack seems to work on some implementations
(some ChromeBooks, RockPi4) it also causes instability on other
implementations (notably LibreComputer Renegade, but there were more
reports in the LibreELEC project, where this has been removed). While
performance is indeed affected (tested with GStreamer), 4K playback
still works as long as you don't operate in lock step and keep at
least 1 frame ahead of time in the decode queue.
After discussion with ChromeOS members, it would seem that their
implementation indeed used to synchronously decode each frame, so
this hack was simply compensating for their code being less
efficient. In my opinion, this hack should not have been included
upstream.
Fixes: cd33c830448ba ("media: rkvdec: Add the rkvdec driver")
Signed-off-by: Nicolas Dufresne <nicolas.dufresne@collabora.com>
Reviewed-by: Sebastian Fricke <sebastian.fricke@collabora.com>
Reviewed-by: Ezequiel Garcia <ezequiel@vanguardiasur.com.ar>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/media/rkvdec/rkvdec.c | 6 ------
1 file changed, 6 deletions(-)
diff --git a/drivers/staging/media/rkvdec/rkvdec.c b/drivers/staging/media/rkvdec/rkvdec.c
index e384ea8d7280..617d06b8f597 100644
--- a/drivers/staging/media/rkvdec/rkvdec.c
+++ b/drivers/staging/media/rkvdec/rkvdec.c
@@ -1025,12 +1025,6 @@ static int rkvdec_probe(struct platform_device *pdev)
if (ret)
return ret;
- /*
- * Bump ACLK to max. possible freq. (500 MHz) to improve performance
- * When 4k video playback.
- */
- clk_set_rate(rkvdec->clocks[0].clk, 500 * 1000 * 1000);
-
rkvdec->regs = devm_platform_ioremap_resource(pdev, 0);
if (IS_ERR(rkvdec->regs))
return PTR_ERR(rkvdec->regs);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 231/452] media: rkvdec: h264: Fix dpb_valid implementation
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (229 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 230/452] media: rkvdec: Stop overclocking the decoder Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 232/452] media: rkvdec: h264: Fix bit depth wrap in pps packet Greg Kroah-Hartman
` (226 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nicolas Dufresne, Sebastian Fricke,
Ezequiel Garcia, Hans Verkuil, Mauro Carvalho Chehab,
Sasha Levin
From: Nicolas Dufresne <nicolas.dufresne@collabora.com>
[ Upstream commit 7ab889f09dfa70e8097ec1b9186fd228124112cb ]
The ref builder only provided references that are marked as valid in the
dpb. Thus the current implementation of dpb_valid would always set the
flag to 1. This is not representing missing frames (this is called
'non-existing' pictures in the spec). In some context, these non-existing
pictures still need to occupy a slot in the reference list according to
the spec.
Fixes: cd33c830448ba ("media: rkvdec: Add the rkvdec driver")
Signed-off-by: Nicolas Dufresne <nicolas.dufresne@collabora.com>
Reviewed-by: Sebastian Fricke <sebastian.fricke@collabora.com>
Reviewed-by: Ezequiel Garcia <ezequiel@vanguardiasur.com.ar>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/media/rkvdec/rkvdec-h264.c | 33 ++++++++++++++++------
1 file changed, 24 insertions(+), 9 deletions(-)
diff --git a/drivers/staging/media/rkvdec/rkvdec-h264.c b/drivers/staging/media/rkvdec/rkvdec-h264.c
index 5487f6d0bcb6..52ffa31f08ac 100644
--- a/drivers/staging/media/rkvdec/rkvdec-h264.c
+++ b/drivers/staging/media/rkvdec/rkvdec-h264.c
@@ -112,6 +112,7 @@ struct rkvdec_h264_run {
const struct v4l2_ctrl_h264_sps *sps;
const struct v4l2_ctrl_h264_pps *pps;
const struct v4l2_ctrl_h264_scaling_matrix *scaling_matrix;
+ int ref_buf_idx[V4L2_H264_NUM_DPB_ENTRIES];
};
struct rkvdec_h264_ctx {
@@ -725,6 +726,26 @@ static void assemble_hw_pps(struct rkvdec_ctx *ctx,
}
}
+static void lookup_ref_buf_idx(struct rkvdec_ctx *ctx,
+ struct rkvdec_h264_run *run)
+{
+ const struct v4l2_ctrl_h264_decode_params *dec_params = run->decode_params;
+ u32 i;
+
+ for (i = 0; i < ARRAY_SIZE(dec_params->dpb); i++) {
+ struct v4l2_m2m_ctx *m2m_ctx = ctx->fh.m2m_ctx;
+ const struct v4l2_h264_dpb_entry *dpb = run->decode_params->dpb;
+ struct vb2_queue *cap_q = &m2m_ctx->cap_q_ctx.q;
+ int buf_idx = -1;
+
+ if (dpb[i].flags & V4L2_H264_DPB_ENTRY_FLAG_ACTIVE)
+ buf_idx = vb2_find_timestamp(cap_q,
+ dpb[i].reference_ts, 0);
+
+ run->ref_buf_idx[i] = buf_idx;
+ }
+}
+
static void assemble_hw_rps(struct rkvdec_ctx *ctx,
struct rkvdec_h264_run *run)
{
@@ -762,7 +783,7 @@ static void assemble_hw_rps(struct rkvdec_ctx *ctx,
for (j = 0; j < RKVDEC_NUM_REFLIST; j++) {
for (i = 0; i < h264_ctx->reflists.num_valid; i++) {
- u8 dpb_valid = 0;
+ bool dpb_valid = run->ref_buf_idx[i] >= 0;
u8 idx = 0;
switch (j) {
@@ -779,8 +800,6 @@ static void assemble_hw_rps(struct rkvdec_ctx *ctx,
if (idx >= ARRAY_SIZE(dec_params->dpb))
continue;
- dpb_valid = !!(dpb[idx].flags &
- V4L2_H264_DPB_ENTRY_FLAG_ACTIVE);
set_ps_field(hw_rps, DPB_INFO(i, j),
idx | dpb_valid << 4);
@@ -859,13 +878,8 @@ get_ref_buf(struct rkvdec_ctx *ctx, struct rkvdec_h264_run *run,
unsigned int dpb_idx)
{
struct v4l2_m2m_ctx *m2m_ctx = ctx->fh.m2m_ctx;
- const struct v4l2_h264_dpb_entry *dpb = run->decode_params->dpb;
struct vb2_queue *cap_q = &m2m_ctx->cap_q_ctx.q;
- int buf_idx = -1;
-
- if (dpb[dpb_idx].flags & V4L2_H264_DPB_ENTRY_FLAG_ACTIVE)
- buf_idx = vb2_find_timestamp(cap_q,
- dpb[dpb_idx].reference_ts, 0);
+ int buf_idx = run->ref_buf_idx[dpb_idx];
/*
* If a DPB entry is unused or invalid, address of current destination
@@ -1102,6 +1116,7 @@ static int rkvdec_h264_run(struct rkvdec_ctx *ctx)
assemble_hw_scaling_list(ctx, &run);
assemble_hw_pps(ctx, &run);
+ lookup_ref_buf_idx(ctx, &run);
assemble_hw_rps(ctx, &run);
config_registers(ctx, &run);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 232/452] media: rkvdec: h264: Fix bit depth wrap in pps packet
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (230 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 231/452] media: rkvdec: h264: Fix dpb_valid implementation Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 233/452] ext4: reject the commit option on ext2 filesystems Greg Kroah-Hartman
` (225 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jonas Karlman, Nicolas Dufresne,
Ezequiel Garcia, Hans Verkuil, Mauro Carvalho Chehab,
Sasha Levin
From: Jonas Karlman <jonas@kwiboo.se>
[ Upstream commit a074aa4760d1dad0bd565c0f66e7250f5f219ab0 ]
The luma and chroma bit depth fields in the pps packet are 3 bits wide.
8 is wrongly added to the bit depth values written to these 3 bit fields.
Because only the 3 LSB are written, the hardware was configured
correctly.
Correct this by not adding 8 to the luma and chroma bit depth value.
Fixes: cd33c830448ba ("media: rkvdec: Add the rkvdec driver")
Signed-off-by: Jonas Karlman <jonas@kwiboo.se>
Signed-off-by: Nicolas Dufresne <nicolas.dufresne@collabora.com>
Reviewed-by: Ezequiel Garcia <ezequiel@collabora.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/media/rkvdec/rkvdec-h264.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/staging/media/rkvdec/rkvdec-h264.c b/drivers/staging/media/rkvdec/rkvdec-h264.c
index 52ffa31f08ac..7013f7ce3678 100644
--- a/drivers/staging/media/rkvdec/rkvdec-h264.c
+++ b/drivers/staging/media/rkvdec/rkvdec-h264.c
@@ -662,8 +662,8 @@ static void assemble_hw_pps(struct rkvdec_ctx *ctx,
WRITE_PPS(0xff, PROFILE_IDC);
WRITE_PPS(1, CONSTRAINT_SET3_FLAG);
WRITE_PPS(sps->chroma_format_idc, CHROMA_FORMAT_IDC);
- WRITE_PPS(sps->bit_depth_luma_minus8 + 8, BIT_DEPTH_LUMA);
- WRITE_PPS(sps->bit_depth_chroma_minus8 + 8, BIT_DEPTH_CHROMA);
+ WRITE_PPS(sps->bit_depth_luma_minus8, BIT_DEPTH_LUMA);
+ WRITE_PPS(sps->bit_depth_chroma_minus8, BIT_DEPTH_CHROMA);
WRITE_PPS(0, QPPRIME_Y_ZERO_TRANSFORM_BYPASS_FLAG);
WRITE_PPS(sps->log2_max_frame_num_minus4, LOG2_MAX_FRAME_NUM_MINUS4);
WRITE_PPS(sps->max_num_ref_frames, MAX_NUM_REF_FRAMES);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 233/452] ext4: reject the commit option on ext2 filesystems
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (231 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 232/452] media: rkvdec: h264: Fix bit depth wrap in pps packet Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 234/452] drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init Greg Kroah-Hartman
` (224 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Biggers, Ritesh Harjani,
Lukas Czerner, Sasha Levin
From: Eric Biggers <ebiggers@google.com>
[ Upstream commit cb8435dc8ba33bcafa41cf2aa253794320a3b8df ]
The 'commit' option is only applicable for ext3 and ext4 filesystems,
and has never been accepted by the ext2 filesystem driver, so the ext4
driver shouldn't allow it on ext2 filesystems.
This fixes a failure in xfstest ext4/053.
Fixes: 8dc0aa8cf0f7 ("ext4: check incompatible mount options while mounting ext2/3")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Ritesh Harjani <ritesh.list@gmail.com>
Reviewed-by: Lukas Czerner <lczerner@redhat.com>
Link: https://lore.kernel.org/r/20220510183232.172615-1-ebiggers@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ext4/super.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index 3e26edeca8c7..35d990adefc6 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -1960,6 +1960,7 @@ static const struct mount_opts {
MOPT_EXT4_ONLY | MOPT_CLEAR},
{Opt_warn_on_error, EXT4_MOUNT_WARN_ON_ERROR, MOPT_SET},
{Opt_nowarn_on_error, EXT4_MOUNT_WARN_ON_ERROR, MOPT_CLEAR},
+ {Opt_commit, 0, MOPT_NO_EXT2},
{Opt_nojournal_checksum, EXT4_MOUNT_JOURNAL_CHECKSUM,
MOPT_EXT4_ONLY | MOPT_CLEAR},
{Opt_journal_checksum, EXT4_MOUNT_JOURNAL_CHECKSUM,
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 234/452] drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (232 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 233/452] ext4: reject the commit option on ext2 filesystems Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 235/452] drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() Greg Kroah-Hartman
` (223 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Akhil P Oommen,
Rob Clark, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit c56de483093d7ad0782327f95dda7da97bc4c315 ]
of_parse_phandle() returns a node pointer with refcount
incremented, we should use of_node_put() on it when not need anymore.
a6xx_gmu_init() passes the node to of_find_device_by_node()
and of_dma_configure(), of_find_device_by_node() will takes its
reference, of_dma_configure() doesn't need the node after usage.
Add missing of_node_put() to avoid refcount leak.
Fixes: 4b565ca5a2cb ("drm/msm: Add A6XX device support")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Reviewed-by: Akhil P Oommen <quic_akhilpo@quicinc.com>
Link: https://lore.kernel.org/r/20220512121955.56937-1-linmq006@gmail.com
Signed-off-by: Rob Clark <robdclark@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/drm/msm/adreno/a6xx_gpu.c b/drivers/gpu/drm/msm/adreno/a6xx_gpu.c
index 39563daff4a0..dffc133b8b1c 100644
--- a/drivers/gpu/drm/msm/adreno/a6xx_gpu.c
+++ b/drivers/gpu/drm/msm/adreno/a6xx_gpu.c
@@ -1308,6 +1308,7 @@ struct msm_gpu *a6xx_gpu_init(struct drm_device *dev)
BUG_ON(!node);
ret = a6xx_gmu_init(a6xx_gpu, node);
+ of_node_put(node);
if (ret) {
a6xx_destroy(&(a6xx_gpu->base.base));
return ERR_PTR(ret);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 235/452] drm: msm: fix possible memory leak in mdp5_crtc_cursor_set()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (233 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 234/452] drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 236/452] x86/sev: Annotate stack change in the #VC handler Greg Kroah-Hartman
` (222 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hangyu Hua, Rob Clark, Sasha Levin
From: Hangyu Hua <hbh25y@gmail.com>
[ Upstream commit 947a844bb3ebff0f4736d244d792ce129f6700d7 ]
drm_gem_object_lookup will call drm_gem_object_get inside. So cursor_bo
needs to be put when msm_gem_get_and_pin_iova fails.
Fixes: e172d10a9c4a ("drm/msm/mdp5: Add hardware cursor support")
Signed-off-by: Hangyu Hua <hbh25y@gmail.com>
Link: https://lore.kernel.org/r/20220509061125.18585-1-hbh25y@gmail.com
Signed-off-by: Rob Clark <robdclark@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/msm/disp/mdp5/mdp5_crtc.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/msm/disp/mdp5/mdp5_crtc.c b/drivers/gpu/drm/msm/disp/mdp5/mdp5_crtc.c
index 06f19ef5dbf3..ff4f207cbdea 100644
--- a/drivers/gpu/drm/msm/disp/mdp5/mdp5_crtc.c
+++ b/drivers/gpu/drm/msm/disp/mdp5/mdp5_crtc.c
@@ -983,8 +983,10 @@ static int mdp5_crtc_cursor_set(struct drm_crtc *crtc,
ret = msm_gem_get_and_pin_iova(cursor_bo, kms->aspace,
&mdp5_crtc->cursor.iova);
- if (ret)
+ if (ret) {
+ drm_gem_object_put(cursor_bo);
return -EINVAL;
+ }
pm_runtime_get_sync(&pdev->dev);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 236/452] x86/sev: Annotate stack change in the #VC handler
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (234 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 235/452] drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 237/452] drm/msm/dpu: handle pm_runtime_get_sync() errors in bind path Greg Kroah-Hartman
` (221 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lai Jiangshan, Borislav Petkov,
Josh Poimboeuf, Sasha Levin
From: Lai Jiangshan <jiangshan.ljs@antgroup.com>
[ Upstream commit c42b145181aafd59ed31ccd879493389e3ea5a08 ]
In idtentry_vc(), vc_switch_off_ist() determines a safe stack to
switch to, off of the IST stack. Annotate the new stack switch with
ENCODE_FRAME_POINTER in case UNWINDER_FRAME_POINTER is used.
A stack walk before looks like this:
CPU: 0 PID: 0 Comm: swapper Not tainted 5.18.0-rc7+ #2
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015
Call Trace:
<TASK>
dump_stack_lvl
dump_stack
kernel_exc_vmm_communication
asm_exc_vmm_communication
? native_read_msr
? __x2apic_disable.part.0
? x2apic_setup
? cpu_init
? trap_init
? start_kernel
? x86_64_start_reservations
? x86_64_start_kernel
? secondary_startup_64_no_verify
</TASK>
and with the fix, the stack dump is exact:
CPU: 0 PID: 0 Comm: swapper Not tainted 5.18.0-rc7+ #3
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015
Call Trace:
<TASK>
dump_stack_lvl
dump_stack
kernel_exc_vmm_communication
asm_exc_vmm_communication
RIP: 0010:native_read_msr
Code: ...
< snipped regs >
? __x2apic_disable.part.0
x2apic_setup
cpu_init
trap_init
start_kernel
x86_64_start_reservations
x86_64_start_kernel
secondary_startup_64_no_verify
</TASK>
[ bp: Test in a SEV-ES guest and rewrite the commit message to
explain what exactly this does. ]
Fixes: a13644f3a53d ("x86/entry/64: Add entry code for #VC handler")
Signed-off-by: Lai Jiangshan <jiangshan.ljs@antgroup.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Acked-by: Josh Poimboeuf <jpoimboe@redhat.com>
Link: https://lore.kernel.org/r/20220316041612.71357-1-jiangshanlai@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/entry/entry_64.S | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S
index a24ce5905ab8..2f2d52729e17 100644
--- a/arch/x86/entry/entry_64.S
+++ b/arch/x86/entry/entry_64.S
@@ -500,6 +500,7 @@ SYM_CODE_START(\asmsym)
call vc_switch_off_ist
movq %rax, %rsp /* Switch to new stack */
+ ENCODE_FRAME_POINTER
UNWIND_HINT_REGS
/* Update pt_regs */
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 237/452] drm/msm/dpu: handle pm_runtime_get_sync() errors in bind path
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (235 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 236/452] x86/sev: Annotate stack change in the #VC handler Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 238/452] drm/i915: Fix CFI violation with show_dynamic_id() Greg Kroah-Hartman
` (220 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Abhinav Kumar, Rob Clark,
Stephen Boyd, Sasha Levin
From: Abhinav Kumar <quic_abhinavk@quicinc.com>
[ Upstream commit 64b22a0da12adb571c01edd671ee43634ebd7e41 ]
If there are errors while trying to enable the pm in the
bind path, it will lead to unclocked access of hw revision
register thereby crashing the device.
This will not address why the pm_runtime_get_sync() fails
but at the very least we should be able to prevent the
crash by handling the error and bailing out earlier.
changes in v2:
- use pm_runtime_resume_and_get() instead of
pm_runtime_get_sync()
Fixes: 25fdd5933e4c ("drm/msm: Add SDM845 DPU support")
Signed-off-by: Abhinav Kumar <quic_abhinavk@quicinc.com>
Reviewed-by: Rob Clark <robdclark@gmail.com>
Reviewed-by: Stephen Boyd <swboyd@chromium.org>
Patchwork: https://patchwork.freedesktop.org/patch/486721/
Link: https://lore.kernel.org/r/20220518223407.26147-1-quic_abhinavk@quicinc.com
Signed-off-by: Abhinav Kumar <quic_abhinavk@quicinc.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c b/drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c
index b05ff46d773d..7503f093f3b6 100644
--- a/drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c
+++ b/drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c
@@ -939,7 +939,9 @@ static int dpu_kms_hw_init(struct msm_kms *kms)
dpu_kms_parse_data_bus_icc_path(dpu_kms);
- pm_runtime_get_sync(&dpu_kms->pdev->dev);
+ rc = pm_runtime_resume_and_get(&dpu_kms->pdev->dev);
+ if (rc < 0)
+ goto error;
dpu_kms->core_rev = readl_relaxed(dpu_kms->mmio + 0x0);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 238/452] drm/i915: Fix CFI violation with show_dynamic_id()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (236 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 237/452] drm/msm/dpu: handle pm_runtime_get_sync() errors in bind path Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 239/452] thermal/drivers/bcm2711: Dont clamp temperature at zero Greg Kroah-Hartman
` (219 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nathan Chancellor, Kees Cook,
Sami Tolvanen, Tvrtko Ursulin, Jani Nikula, Sasha Levin
From: Nathan Chancellor <nathan@kernel.org>
[ Upstream commit 58606220a2f1407a7516c547f09a1ba7b4350a73 ]
When an attribute group is created with sysfs_create_group(), the
->sysfs_ops() callback is set to kobj_sysfs_ops, which sets the ->show()
callback to kobj_attr_show(). kobj_attr_show() uses container_of() to
get the ->show() callback from the attribute it was passed, meaning the
->show() callback needs to be the same type as the ->show() callback in
'struct kobj_attribute'.
However, show_dynamic_id() has the type of the ->show() callback in
'struct device_attribute', which causes a CFI violation when opening the
'id' sysfs node under drm/card0/metrics. This happens to work because
the layout of 'struct kobj_attribute' and 'struct device_attribute' are
the same, so the container_of() cast happens to allow the ->show()
callback to still work.
Change the type of show_dynamic_id() to match the ->show() callback in
'struct kobj_attributes' and update the type of sysfs_metric_id to
match, which resolves the CFI violation.
Fixes: f89823c21224 ("drm/i915/perf: Implement I915_PERF_ADD/REMOVE_CONFIG interface")
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Sami Tolvanen <samitolvanen@google.com>
Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20220513075136.1027007-1-tvrtko.ursulin@linux.intel.com
(cherry picked from commit 18fb42db05a0b93ab5dd5eab5315e50eaa3ca620)
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/i915/i915_perf.c | 4 ++--
drivers/gpu/drm/i915/i915_perf_types.h | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/i915/i915_perf.c b/drivers/gpu/drm/i915/i915_perf.c
index 74e66dea5708..5e670aace59f 100644
--- a/drivers/gpu/drm/i915/i915_perf.c
+++ b/drivers/gpu/drm/i915/i915_perf.c
@@ -3964,8 +3964,8 @@ static struct i915_oa_reg *alloc_oa_regs(struct i915_perf *perf,
return ERR_PTR(err);
}
-static ssize_t show_dynamic_id(struct device *dev,
- struct device_attribute *attr,
+static ssize_t show_dynamic_id(struct kobject *kobj,
+ struct kobj_attribute *attr,
char *buf)
{
struct i915_oa_config *oa_config =
diff --git a/drivers/gpu/drm/i915/i915_perf_types.h b/drivers/gpu/drm/i915/i915_perf_types.h
index a36a455ae336..534951ff38bb 100644
--- a/drivers/gpu/drm/i915/i915_perf_types.h
+++ b/drivers/gpu/drm/i915/i915_perf_types.h
@@ -54,7 +54,7 @@ struct i915_oa_config {
struct attribute_group sysfs_metric;
struct attribute *attrs[2];
- struct device_attribute sysfs_metric_id;
+ struct kobj_attribute sysfs_metric_id;
struct kref ref;
struct rcu_head rcu;
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 239/452] thermal/drivers/bcm2711: Dont clamp temperature at zero
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (237 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 238/452] drm/i915: Fix CFI violation with show_dynamic_id() Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 240/452] thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe Greg Kroah-Hartman
` (218 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stefan Wahren, Florian Fainelli,
Daniel Lezcano, Sasha Levin
From: Stefan Wahren <stefan.wahren@i2se.com>
[ Upstream commit 106e0121e243de4da7d634338089a68a8da2abe9 ]
The thermal sensor on BCM2711 is capable of negative temperatures, so don't
clamp the measurements at zero. Since this was the only use for variable t,
drop it.
This change based on a patch by Dom Cobley, who also tested the fix.
Fixes: 59b781352dc4 ("thermal: Add BCM2711 thermal driver")
Signed-off-by: Stefan Wahren <stefan.wahren@i2se.com>
Acked-by: Florian Fainelli <f.fainelli@gmail.com>
Link: https://lore.kernel.org/r/20220412195423.104511-1-stefan.wahren@i2se.com
Signed-off-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/thermal/broadcom/bcm2711_thermal.c | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/drivers/thermal/broadcom/bcm2711_thermal.c b/drivers/thermal/broadcom/bcm2711_thermal.c
index 67c2a737bc9d..7b536c8a59dc 100644
--- a/drivers/thermal/broadcom/bcm2711_thermal.c
+++ b/drivers/thermal/broadcom/bcm2711_thermal.c
@@ -38,7 +38,6 @@ static int bcm2711_get_temp(void *data, int *temp)
int offset = thermal_zone_get_offset(priv->thermal);
u32 val;
int ret;
- long t;
ret = regmap_read(priv->regmap, AVS_RO_TEMP_STATUS, &val);
if (ret)
@@ -50,9 +49,7 @@ static int bcm2711_get_temp(void *data, int *temp)
val &= AVS_RO_TEMP_STATUS_DATA_MSK;
/* Convert a HW code to a temperature reading (millidegree celsius) */
- t = slope * val + offset;
-
- *temp = t < 0 ? 0 : t;
+ *temp = slope * val + offset;
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 240/452] thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (238 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 239/452] thermal/drivers/bcm2711: Dont clamp temperature at zero Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 241/452] thermal/drivers/core: Use a char pointer for the cooling device name Greg Kroah-Hartman
` (217 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zheng Yongjun, Daniel Lezcano, Sasha Levin
From: Zheng Yongjun <zhengyongjun3@huawei.com>
[ Upstream commit e20d136ec7d6f309989c447638365840d3424c8e ]
platform_get_resource() may return NULL, add proper check to
avoid potential NULL dereferencing.
Fixes: 250e211057c72 ("thermal: broadcom: Add Stingray thermal driver")
Signed-off-by: Zheng Yongjun <zhengyongjun3@huawei.com>
Link: https://lore.kernel.org/r/20220425092929.90412-1-zhengyongjun3@huawei.com
Signed-off-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/thermal/broadcom/sr-thermal.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/thermal/broadcom/sr-thermal.c b/drivers/thermal/broadcom/sr-thermal.c
index 475ce2900771..85ab9edd580c 100644
--- a/drivers/thermal/broadcom/sr-thermal.c
+++ b/drivers/thermal/broadcom/sr-thermal.c
@@ -60,6 +60,9 @@ static int sr_thermal_probe(struct platform_device *pdev)
return -ENOMEM;
res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
+ if (!res)
+ return -ENOENT;
+
sr_thermal->regs = (void __iomem *)devm_memremap(&pdev->dev, res->start,
resource_size(res),
MEMREMAP_WB);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 241/452] thermal/drivers/core: Use a char pointer for the cooling device name
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (239 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 240/452] thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 242/452] thermal/core: Fix memory leak in __thermal_cooling_device_register() Greg Kroah-Hartman
` (216 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Daniel Lezcano, Lukasz Luba,
Ido Schimmel, Sasha Levin
From: Daniel Lezcano <daniel.lezcano@linaro.org>
[ Upstream commit 58483761810087e5ffdf36e84ac1bf26df909097 ]
We want to have any kind of name for the cooling devices as we do no
longer want to rely on auto-numbering. Let's replace the cooling
device's fixed array by a char pointer to be allocated dynamically
when registering the cooling device, so we don't limit the length of
the name.
Rework the error path at the same time as we have to rollback the
allocations in case of error.
Tested with a dummy device having the name:
"Llanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch"
A village on the island of Anglesey (Wales), known to have the longest
name in Europe.
Signed-off-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Reviewed-by: Lukasz Luba <lukasz.luba@arm.com>
Tested-by: Ido Schimmel <idosch@nvidia.com>
Link: https://lore.kernel.org/r/20210314111333.16551-1-daniel.lezcano@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../ethernet/mellanox/mlxsw/core_thermal.c | 2 +-
drivers/thermal/thermal_core.c | 38 +++++++++++--------
include/linux/thermal.h | 2 +-
3 files changed, 24 insertions(+), 18 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlxsw/core_thermal.c b/drivers/net/ethernet/mellanox/mlxsw/core_thermal.c
index 7ec1d0ee9bee..ecd1856bef5e 100644
--- a/drivers/net/ethernet/mellanox/mlxsw/core_thermal.c
+++ b/drivers/net/ethernet/mellanox/mlxsw/core_thermal.c
@@ -133,7 +133,7 @@ static int mlxsw_get_cooling_device_idx(struct mlxsw_thermal *thermal,
/* Allow mlxsw thermal zone binding to an external cooling device */
for (i = 0; i < ARRAY_SIZE(mlxsw_thermal_external_allowed_cdev); i++) {
if (strnstr(cdev->type, mlxsw_thermal_external_allowed_cdev[i],
- sizeof(cdev->type)))
+ strlen(cdev->type)))
return 0;
}
diff --git a/drivers/thermal/thermal_core.c b/drivers/thermal/thermal_core.c
index d9e34ac37662..1abef64ccb5f 100644
--- a/drivers/thermal/thermal_core.c
+++ b/drivers/thermal/thermal_core.c
@@ -1092,10 +1092,7 @@ __thermal_cooling_device_register(struct device_node *np,
{
struct thermal_cooling_device *cdev;
struct thermal_zone_device *pos = NULL;
- int result;
-
- if (type && strlen(type) >= THERMAL_NAME_LENGTH)
- return ERR_PTR(-EINVAL);
+ int ret;
if (!ops || !ops->get_max_state || !ops->get_cur_state ||
!ops->set_cur_state)
@@ -1105,14 +1102,17 @@ __thermal_cooling_device_register(struct device_node *np,
if (!cdev)
return ERR_PTR(-ENOMEM);
- result = ida_simple_get(&thermal_cdev_ida, 0, 0, GFP_KERNEL);
- if (result < 0) {
- kfree(cdev);
- return ERR_PTR(result);
+ ret = ida_simple_get(&thermal_cdev_ida, 0, 0, GFP_KERNEL);
+ if (ret < 0)
+ goto out_kfree_cdev;
+ cdev->id = ret;
+
+ cdev->type = kstrdup(type ? type : "", GFP_KERNEL);
+ if (!cdev->type) {
+ ret = -ENOMEM;
+ goto out_ida_remove;
}
- cdev->id = result;
- strlcpy(cdev->type, type ? : "", sizeof(cdev->type));
mutex_init(&cdev->lock);
INIT_LIST_HEAD(&cdev->thermal_instances);
cdev->np = np;
@@ -1122,12 +1122,9 @@ __thermal_cooling_device_register(struct device_node *np,
cdev->devdata = devdata;
thermal_cooling_device_setup_sysfs(cdev);
dev_set_name(&cdev->device, "cooling_device%d", cdev->id);
- result = device_register(&cdev->device);
- if (result) {
- ida_simple_remove(&thermal_cdev_ida, cdev->id);
- put_device(&cdev->device);
- return ERR_PTR(result);
- }
+ ret = device_register(&cdev->device);
+ if (ret)
+ goto out_kfree_type;
/* Add 'this' new cdev to the global cdev list */
mutex_lock(&thermal_list_lock);
@@ -1145,6 +1142,14 @@ __thermal_cooling_device_register(struct device_node *np,
mutex_unlock(&thermal_list_lock);
return cdev;
+
+out_kfree_type:
+ kfree(cdev->type);
+ put_device(&cdev->device);
+out_ida_remove:
+ ida_simple_remove(&thermal_cdev_ida, cdev->id);
+out_kfree_cdev:
+ return ERR_PTR(ret);
}
/**
@@ -1303,6 +1308,7 @@ void thermal_cooling_device_unregister(struct thermal_cooling_device *cdev)
ida_simple_remove(&thermal_cdev_ida, cdev->id);
device_del(&cdev->device);
thermal_cooling_device_destroy_sysfs(cdev);
+ kfree(cdev->type);
put_device(&cdev->device);
}
EXPORT_SYMBOL_GPL(thermal_cooling_device_unregister);
diff --git a/include/linux/thermal.h b/include/linux/thermal.h
index 176d9454e8f3..7097d4dcfdd0 100644
--- a/include/linux/thermal.h
+++ b/include/linux/thermal.h
@@ -92,7 +92,7 @@ struct thermal_cooling_device_ops {
struct thermal_cooling_device {
int id;
- char type[THERMAL_NAME_LENGTH];
+ char *type;
struct device device;
struct device_node *np;
void *devdata;
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 242/452] thermal/core: Fix memory leak in __thermal_cooling_device_register()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (240 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 241/452] thermal/drivers/core: Use a char pointer for the cooling device name Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 243/452] thermal/drivers/imx_sc_thermal: Fix refcount leak in imx_sc_thermal_probe Greg Kroah-Hartman
` (215 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hulk Robot, Yang Yingliang,
Daniel Lezcano, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 98a160e898c0f4a979af9de3ab48b4b1d42d1dbb ]
I got memory leak as follows when doing fault injection test:
unreferenced object 0xffff888010080000 (size 264312):
comm "182", pid 102533, jiffies 4296434960 (age 10.100s)
hex dump (first 32 bytes):
00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
ff ff ff ff ff ff ff ff 40 7f 1f b9 ff ff ff ff ........@.......
backtrace:
[<0000000038b2f4fc>] kmalloc_order_trace+0x1d/0x110 mm/slab_common.c:969
[<00000000ebcb8da5>] __kmalloc+0x373/0x420 include/linux/slab.h:510
[<0000000084137f13>] thermal_cooling_device_setup_sysfs+0x15d/0x2d0 include/linux/slab.h:586
[<00000000352b8755>] __thermal_cooling_device_register+0x332/0xa60 drivers/thermal/thermal_core.c:927
[<00000000fb9f331b>] devm_thermal_of_cooling_device_register+0x6b/0xf0 drivers/thermal/thermal_core.c:1041
[<000000009b8012d2>] max6650_probe.cold+0x557/0x6aa drivers/hwmon/max6650.c:211
[<00000000da0b7e04>] i2c_device_probe+0x472/0xac0 drivers/i2c/i2c-core-base.c:561
If device_register() fails, thermal_cooling_device_destroy_sysfs() need be called
to free the memory allocated in thermal_cooling_device_setup_sysfs().
Fixes: 8ea229511e06 ("thermal: Add cooling device's statistics in sysfs")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Link: https://lore.kernel.org/r/20220511020605.3096734-1-yangyingliang@huawei.com
Signed-off-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/thermal/thermal_core.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/thermal/thermal_core.c b/drivers/thermal/thermal_core.c
index 1abef64ccb5f..5e48e9cfa044 100644
--- a/drivers/thermal/thermal_core.c
+++ b/drivers/thermal/thermal_core.c
@@ -1144,6 +1144,7 @@ __thermal_cooling_device_register(struct device_node *np,
return cdev;
out_kfree_type:
+ thermal_cooling_device_destroy_sysfs(cdev);
kfree(cdev->type);
put_device(&cdev->device);
out_ida_remove:
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 243/452] thermal/drivers/imx_sc_thermal: Fix refcount leak in imx_sc_thermal_probe
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (241 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 242/452] thermal/core: Fix memory leak in __thermal_cooling_device_register() Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 244/452] ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() Greg Kroah-Hartman
` (214 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Daniel Lezcano, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 09700c504d8e63faffd2a2235074e8c5d130cb8f ]
of_find_node_by_name() returns a node pointer with refcount
incremented, we should use of_node_put() on it when done.
Add missing of_node_put() to avoid refcount leak.
Fixes: e20db70dba1c ("thermal: imx_sc: add i.MX system controller thermal support")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Link: https://lore.kernel.org/r/20220517055121.18092-1-linmq006@gmail.com
Signed-off-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/thermal/imx_sc_thermal.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/thermal/imx_sc_thermal.c b/drivers/thermal/imx_sc_thermal.c
index 8d76dbfde6a9..331a241eb0ef 100644
--- a/drivers/thermal/imx_sc_thermal.c
+++ b/drivers/thermal/imx_sc_thermal.c
@@ -94,8 +94,8 @@ static int imx_sc_thermal_probe(struct platform_device *pdev)
sensor = devm_kzalloc(&pdev->dev, sizeof(*sensor), GFP_KERNEL);
if (!sensor) {
of_node_put(child);
- of_node_put(sensor_np);
- return -ENOMEM;
+ ret = -ENOMEM;
+ goto put_node;
}
ret = thermal_zone_of_get_sensor_id(child,
@@ -124,7 +124,9 @@ static int imx_sc_thermal_probe(struct platform_device *pdev)
dev_warn(&pdev->dev, "failed to add hwmon sysfs attributes\n");
}
+put_node:
of_node_put(sensor_np);
+ of_node_put(np);
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 244/452] ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (242 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 243/452] thermal/drivers/imx_sc_thermal: Fix refcount leak in imx_sc_thermal_probe Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 245/452] NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx Greg Kroah-Hartman
` (213 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yang Yingliang, Charles Keepax,
Mark Brown, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit be2af740e2a9c7134f2d8ab4f104006e110b13de ]
Fix the missing clk_disable_unprepare() before return
from wm2000_anc_transition() in the error handling case.
Fixes: 514cfd6dd725 ("ASoC: wm2000: Integrate with clock API")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Acked-by: Charles Keepax <ckeepax@opensource.cirrus.com>
Link: https://lore.kernel.org/r/20220514091053.686416-1-yangyingliang@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/wm2000.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/sound/soc/codecs/wm2000.c b/sound/soc/codecs/wm2000.c
index 72e165cc6443..97ece3114b3d 100644
--- a/sound/soc/codecs/wm2000.c
+++ b/sound/soc/codecs/wm2000.c
@@ -536,7 +536,7 @@ static int wm2000_anc_transition(struct wm2000_priv *wm2000,
{
struct i2c_client *i2c = wm2000->i2c;
int i, j;
- int ret;
+ int ret = 0;
if (wm2000->anc_mode == mode)
return 0;
@@ -566,13 +566,13 @@ static int wm2000_anc_transition(struct wm2000_priv *wm2000,
ret = anc_transitions[i].step[j](i2c,
anc_transitions[i].analogue);
if (ret != 0)
- return ret;
+ break;
}
if (anc_transitions[i].dest == ANC_OFF)
clk_disable_unprepare(wm2000->mclk);
- return 0;
+ return ret;
}
static int wm2000_anc_set_mode(struct wm2000_priv *wm2000)
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 245/452] NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (243 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 244/452] ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 246/452] ASoC: max98090: Move check for invalid values before casting in max98090_put_enab_tlv() Greg Kroah-Hartman
` (212 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Duoming Zhou, Krzysztof Kozlowski,
Jakub Kicinski, Sasha Levin
From: Duoming Zhou <duoming@zju.edu.cn>
[ Upstream commit b413b0cb008646e9f24ce5253cb3cf7ee217aff6 ]
There are sleep in atomic context bugs when the request to secure
element of st21nfca is timeout. The root cause is that kzalloc and
alloc_skb with GFP_KERNEL parameter and mutex_lock are called in
st21nfca_se_wt_timeout which is a timer handler. The call tree shows
the execution paths that could lead to bugs:
(Interrupt context)
st21nfca_se_wt_timeout
nfc_hci_send_event
nfc_hci_hcp_message_tx
kzalloc(..., GFP_KERNEL) //may sleep
alloc_skb(..., GFP_KERNEL) //may sleep
mutex_lock() //may sleep
This patch moves the operations that may sleep into a work item.
The work item will run in another kernel thread which is in
process context to execute the bottom half of the interrupt.
So it could prevent atomic context from sleeping.
Fixes: 2130fb97fecf ("NFC: st21nfca: Adding support for secure element")
Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Link: https://lore.kernel.org/r/20220518115733.62111-1-duoming@zju.edu.cn
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/nfc/st21nfca/se.c | 17 ++++++++++++++---
drivers/nfc/st21nfca/st21nfca.h | 1 +
2 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/drivers/nfc/st21nfca/se.c b/drivers/nfc/st21nfca/se.c
index 0841e0e370a0..0194e80193d9 100644
--- a/drivers/nfc/st21nfca/se.c
+++ b/drivers/nfc/st21nfca/se.c
@@ -241,7 +241,7 @@ int st21nfca_hci_se_io(struct nfc_hci_dev *hdev, u32 se_idx,
}
EXPORT_SYMBOL(st21nfca_hci_se_io);
-static void st21nfca_se_wt_timeout(struct timer_list *t)
+static void st21nfca_se_wt_work(struct work_struct *work)
{
/*
* No answer from the secure element
@@ -254,8 +254,9 @@ static void st21nfca_se_wt_timeout(struct timer_list *t)
*/
/* hardware reset managed through VCC_UICC_OUT power supply */
u8 param = 0x01;
- struct st21nfca_hci_info *info = from_timer(info, t,
- se_info.bwi_timer);
+ struct st21nfca_hci_info *info = container_of(work,
+ struct st21nfca_hci_info,
+ se_info.timeout_work);
pr_debug("\n");
@@ -273,6 +274,13 @@ static void st21nfca_se_wt_timeout(struct timer_list *t)
info->se_info.cb(info->se_info.cb_context, NULL, 0, -ETIME);
}
+static void st21nfca_se_wt_timeout(struct timer_list *t)
+{
+ struct st21nfca_hci_info *info = from_timer(info, t, se_info.bwi_timer);
+
+ schedule_work(&info->se_info.timeout_work);
+}
+
static void st21nfca_se_activation_timeout(struct timer_list *t)
{
struct st21nfca_hci_info *info = from_timer(info, t,
@@ -364,6 +372,7 @@ int st21nfca_apdu_reader_event_received(struct nfc_hci_dev *hdev,
switch (event) {
case ST21NFCA_EVT_TRANSMIT_DATA:
del_timer_sync(&info->se_info.bwi_timer);
+ cancel_work_sync(&info->se_info.timeout_work);
info->se_info.bwi_active = false;
r = nfc_hci_send_event(hdev, ST21NFCA_DEVICE_MGNT_GATE,
ST21NFCA_EVT_SE_END_OF_APDU_TRANSFER, NULL, 0);
@@ -393,6 +402,7 @@ void st21nfca_se_init(struct nfc_hci_dev *hdev)
struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev);
init_completion(&info->se_info.req_completion);
+ INIT_WORK(&info->se_info.timeout_work, st21nfca_se_wt_work);
/* initialize timers */
timer_setup(&info->se_info.bwi_timer, st21nfca_se_wt_timeout, 0);
info->se_info.bwi_active = false;
@@ -420,6 +430,7 @@ void st21nfca_se_deinit(struct nfc_hci_dev *hdev)
if (info->se_info.se_active)
del_timer_sync(&info->se_info.se_active_timer);
+ cancel_work_sync(&info->se_info.timeout_work);
info->se_info.bwi_active = false;
info->se_info.se_active = false;
}
diff --git a/drivers/nfc/st21nfca/st21nfca.h b/drivers/nfc/st21nfca/st21nfca.h
index 5e0de0fef1d4..0e4a93d11efb 100644
--- a/drivers/nfc/st21nfca/st21nfca.h
+++ b/drivers/nfc/st21nfca/st21nfca.h
@@ -141,6 +141,7 @@ struct st21nfca_se_info {
se_io_cb_t cb;
void *cb_context;
+ struct work_struct timeout_work;
};
struct st21nfca_hci_info {
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 246/452] ASoC: max98090: Move check for invalid values before casting in max98090_put_enab_tlv()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (244 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 245/452] NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 247/452] net: stmmac: selftests: Use kcalloc() instead of kzalloc() Greg Kroah-Hartman
` (211 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexey Khoroshilov, Mark Brown, Sasha Levin
From: Alexey Khoroshilov <khoroshilov@ispras.ru>
[ Upstream commit f7a344468105ef8c54086dfdc800e6f5a8417d3e ]
Validation of signed input should be done before casting to unsigned int.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Suggested-by: Mark Brown <broonie@kernel.org>
Fixes: 2fbe467bcbfc ("ASoC: max98090: Reject invalid values in custom control put()")
Link: https://lore.kernel.org/r/1652999486-29653-1-git-send-email-khoroshilov@ispras.ru
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/max98090.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/sound/soc/codecs/max98090.c b/sound/soc/codecs/max98090.c
index 5b6405392f08..0c73979cad4a 100644
--- a/sound/soc/codecs/max98090.c
+++ b/sound/soc/codecs/max98090.c
@@ -393,7 +393,8 @@ static int max98090_put_enab_tlv(struct snd_kcontrol *kcontrol,
struct soc_mixer_control *mc =
(struct soc_mixer_control *)kcontrol->private_value;
unsigned int mask = (1 << fls(mc->max)) - 1;
- unsigned int sel = ucontrol->value.integer.value[0];
+ int sel_unchecked = ucontrol->value.integer.value[0];
+ unsigned int sel;
unsigned int val = snd_soc_component_read(component, mc->reg);
unsigned int *select;
@@ -413,8 +414,9 @@ static int max98090_put_enab_tlv(struct snd_kcontrol *kcontrol,
val = (val >> mc->shift) & mask;
- if (sel < 0 || sel > mc->max)
+ if (sel_unchecked < 0 || sel_unchecked > mc->max)
return -EINVAL;
+ sel = sel_unchecked;
*select = sel;
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 247/452] net: stmmac: selftests: Use kcalloc() instead of kzalloc()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (245 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 246/452] ASoC: max98090: Move check for invalid values before casting in max98090_put_enab_tlv() Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 248/452] net: stmmac: fix out-of-bounds access in a selftest Greg Kroah-Hartman
` (210 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Gustavo A. R. Silva, Jakub Kicinski,
Sasha Levin
From: Gustavo A. R. Silva <gustavoars@kernel.org>
[ Upstream commit 36371876e000012ae4440fcf3097c2f0ed0f83e7 ]
Use 2-factor multiplication argument form kcalloc() instead
of kzalloc().
Link: https://github.com/KSPP/linux/issues/162
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Link: https://lore.kernel.org/r/20211006180944.GA913477@embeddedor
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/stmicro/stmmac/stmmac_selftests.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_selftests.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_selftests.c
index 0462dcc93e53..e649a3e6a529 100644
--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_selftests.c
+++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_selftests.c
@@ -1104,13 +1104,13 @@ static int stmmac_test_rxp(struct stmmac_priv *priv)
goto cleanup_sel;
}
- actions = kzalloc(nk * sizeof(*actions), GFP_KERNEL);
+ actions = kcalloc(nk, sizeof(*actions), GFP_KERNEL);
if (!actions) {
ret = -ENOMEM;
goto cleanup_exts;
}
- act = kzalloc(nk * sizeof(*act), GFP_KERNEL);
+ act = kcalloc(nk, sizeof(*act), GFP_KERNEL);
if (!act) {
ret = -ENOMEM;
goto cleanup_actions;
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 248/452] net: stmmac: fix out-of-bounds access in a selftest
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (246 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 247/452] net: stmmac: selftests: Use kcalloc() instead of kzalloc() Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 249/452] hv_netvsc: Fix potential dereference of NULL pointer Greg Kroah-Hartman
` (209 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jakub Kicinski, Sasha Levin
From: Jakub Kicinski <kuba@kernel.org>
[ Upstream commit fe5c5fc145edcf98a759b895f52b646730eeb7be ]
GCC 12 points out that struct tc_action is smaller than
struct tcf_action:
drivers/net/ethernet/stmicro/stmmac/stmmac_selftests.c: In function ‘stmmac_test_rxp’:
drivers/net/ethernet/stmicro/stmmac/stmmac_selftests.c:1132:21: warning: array subscript ‘struct tcf_gact[0]’ is partly outside array bounds of ‘unsigned char[272]’ [-Warray-bounds]
1132 | gact->tcf_action = TC_ACT_SHOT;
| ^~
Fixes: ccfc639a94f2 ("net: stmmac: selftests: Add a selftest for Flexible RX Parser")
Link: https://lore.kernel.org/r/20220519004305.2109708-1-kuba@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../net/ethernet/stmicro/stmmac/stmmac_selftests.c | 13 ++++++-------
1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_selftests.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_selftests.c
index e649a3e6a529..dd5c4ef92ef3 100644
--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_selftests.c
+++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_selftests.c
@@ -1084,8 +1084,9 @@ static int stmmac_test_rxp(struct stmmac_priv *priv)
unsigned char addr[ETH_ALEN] = {0xde, 0xad, 0xbe, 0xef, 0x00, 0x00};
struct tc_cls_u32_offload cls_u32 = { };
struct stmmac_packet_attrs attr = { };
- struct tc_action **actions, *act;
+ struct tc_action **actions;
struct tc_u32_sel *sel;
+ struct tcf_gact *gact;
struct tcf_exts *exts;
int ret, i, nk = 1;
@@ -1110,8 +1111,8 @@ static int stmmac_test_rxp(struct stmmac_priv *priv)
goto cleanup_exts;
}
- act = kcalloc(nk, sizeof(*act), GFP_KERNEL);
- if (!act) {
+ gact = kcalloc(nk, sizeof(*gact), GFP_KERNEL);
+ if (!gact) {
ret = -ENOMEM;
goto cleanup_actions;
}
@@ -1126,9 +1127,7 @@ static int stmmac_test_rxp(struct stmmac_priv *priv)
exts->nr_actions = nk;
exts->actions = actions;
for (i = 0; i < nk; i++) {
- struct tcf_gact *gact = to_gact(&act[i]);
-
- actions[i] = &act[i];
+ actions[i] = (struct tc_action *)&gact[i];
gact->tcf_action = TC_ACT_SHOT;
}
@@ -1152,7 +1151,7 @@ static int stmmac_test_rxp(struct stmmac_priv *priv)
stmmac_tc_setup_cls_u32(priv, priv, &cls_u32);
cleanup_act:
- kfree(act);
+ kfree(gact);
cleanup_actions:
kfree(actions);
cleanup_exts:
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 249/452] hv_netvsc: Fix potential dereference of NULL pointer
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (247 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 248/452] net: stmmac: fix out-of-bounds access in a selftest Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 250/452] rxrpc: Fix listen() setting the bar too high for the prealloc rings Greg Kroah-Hartman
` (208 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yongzhi Liu, Haiyang Zhang,
Jakub Kicinski, Sasha Levin
From: Yongzhi Liu <lyz_cs@pku.edu.cn>
[ Upstream commit eb4c0788964730d12e8dd520bd8f5217ca48321c ]
The return value of netvsc_devinfo_get()
needs to be checked to avoid use of NULL
pointer in case of an allocation failure.
Fixes: 0efeea5fb153 ("hv_netvsc: Add the support of hibernation")
Signed-off-by: Yongzhi Liu <lyz_cs@pku.edu.cn>
Reviewed-by: Haiyang Zhang <haiyangz@microsoft.com>
Link: https://lore.kernel.org/r/1652962188-129281-1-git-send-email-lyz_cs@pku.edu.cn
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/hyperv/netvsc_drv.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/net/hyperv/netvsc_drv.c b/drivers/net/hyperv/netvsc_drv.c
index e3676386d0ee..18484370da0d 100644
--- a/drivers/net/hyperv/netvsc_drv.c
+++ b/drivers/net/hyperv/netvsc_drv.c
@@ -2629,7 +2629,10 @@ static int netvsc_suspend(struct hv_device *dev)
/* Save the current config info */
ndev_ctx->saved_netvsc_dev_info = netvsc_devinfo_get(nvdev);
-
+ if (!ndev_ctx->saved_netvsc_dev_info) {
+ ret = -ENOMEM;
+ goto out;
+ }
ret = netvsc_detach(net, nvdev);
out:
rtnl_unlock();
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 250/452] rxrpc: Fix listen() setting the bar too high for the prealloc rings
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (248 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 249/452] hv_netvsc: Fix potential dereference of NULL pointer Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 251/452] rxrpc: Dont try to resend the request if were receiving the reply Greg Kroah-Hartman
` (207 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Marc Dionne, David Howells,
linux-afs, David S. Miller, Sasha Levin
From: David Howells <dhowells@redhat.com>
[ Upstream commit 88e22159750b0d55793302eeed8ee603f5c1a95c ]
AF_RXRPC's listen() handler lets you set the backlog up to 32 (if you bump
up the sysctl), but whilst the preallocation circular buffers have 32 slots
in them, one of them has to be a dead slot because we're using CIRC_CNT().
This means that listen(rxrpc_sock, 32) will cause an oops when the socket
is closed because rxrpc_service_prealloc_one() allocated one too many calls
and rxrpc_discard_prealloc() won't then be able to get rid of them because
it'll think the ring is empty. rxrpc_release_calls_on_socket() then tries
to abort them, but oopses because call->peer isn't yet set.
Fix this by setting the maximum backlog to RXRPC_BACKLOG_MAX - 1 to match
the ring capacity.
BUG: kernel NULL pointer dereference, address: 0000000000000086
...
RIP: 0010:rxrpc_send_abort_packet+0x73/0x240 [rxrpc]
Call Trace:
<TASK>
? __wake_up_common_lock+0x7a/0x90
? rxrpc_notify_socket+0x8e/0x140 [rxrpc]
? rxrpc_abort_call+0x4c/0x60 [rxrpc]
rxrpc_release_calls_on_socket+0x107/0x1a0 [rxrpc]
rxrpc_release+0xc9/0x1c0 [rxrpc]
__sock_release+0x37/0xa0
sock_close+0x11/0x20
__fput+0x89/0x240
task_work_run+0x59/0x90
do_exit+0x319/0xaa0
Fixes: 00e907127e6f ("rxrpc: Preallocate peers, conns and calls for incoming service requests")
Reported-by: Marc Dionne <marc.dionne@auristor.com>
Signed-off-by: David Howells <dhowells@redhat.com>
cc: linux-afs@lists.infradead.org
Link: https://lists.infradead.org/pipermail/linux-afs/2022-March/005079.html
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/rxrpc/sysctl.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/rxrpc/sysctl.c b/net/rxrpc/sysctl.c
index 540351d6a5f4..555e0910786b 100644
--- a/net/rxrpc/sysctl.c
+++ b/net/rxrpc/sysctl.c
@@ -12,7 +12,7 @@
static struct ctl_table_header *rxrpc_sysctl_reg_table;
static const unsigned int four = 4;
-static const unsigned int thirtytwo = 32;
+static const unsigned int max_backlog = RXRPC_BACKLOG_MAX - 1;
static const unsigned int n_65535 = 65535;
static const unsigned int n_max_acks = RXRPC_RXTX_BUFF_SIZE - 1;
static const unsigned long one_jiffy = 1;
@@ -89,7 +89,7 @@ static struct ctl_table rxrpc_sysctl_table[] = {
.mode = 0644,
.proc_handler = proc_dointvec_minmax,
.extra1 = (void *)&four,
- .extra2 = (void *)&thirtytwo,
+ .extra2 = (void *)&max_backlog,
},
{
.procname = "rx_window_size",
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 251/452] rxrpc: Dont try to resend the request if were receiving the reply
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (249 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 250/452] rxrpc: Fix listen() setting the bar too high for the prealloc rings Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 252/452] rxrpc: Fix overlapping ACK accounting Greg Kroah-Hartman
` (206 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, David Howells, linux-afs,
David S. Miller, Sasha Levin
From: David Howells <dhowells@redhat.com>
[ Upstream commit 114af61f88fbe34d641b13922d098ffec4c1be1b ]
rxrpc has a timer to trigger resending of unacked data packets in a call.
This is not cancelled when a client call switches to the receive phase on
the basis that most calls don't last long enough for it to ever expire.
However, if it *does* expire after we've started to receive the reply, we
shouldn't then go into trying to retransmit or pinging the server to find
out if an ack got lost.
Fix this by skipping the resend code if we're into receiving the reply to a
client call.
Fixes: 17926a79320a ("[AF_RXRPC]: Provide secure RxRPC sockets for use by userspace and kernel both")
Signed-off-by: David Howells <dhowells@redhat.com>
cc: linux-afs@lists.infradead.org
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/rxrpc/call_event.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/rxrpc/call_event.c b/net/rxrpc/call_event.c
index e426f6831aab..f8ecad2b730e 100644
--- a/net/rxrpc/call_event.c
+++ b/net/rxrpc/call_event.c
@@ -406,7 +406,8 @@ void rxrpc_process_call(struct work_struct *work)
goto recheck_state;
}
- if (test_and_clear_bit(RXRPC_CALL_EV_RESEND, &call->events)) {
+ if (test_and_clear_bit(RXRPC_CALL_EV_RESEND, &call->events) &&
+ call->state != RXRPC_CALL_CLIENT_RECV_REPLY) {
rxrpc_resend(call, now);
goto recheck_state;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 252/452] rxrpc: Fix overlapping ACK accounting
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (250 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 251/452] rxrpc: Dont try to resend the request if were receiving the reply Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 253/452] rxrpc: Dont let ack.previousPacket regress Greg Kroah-Hartman
` (205 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, David Howells, Jeffrey Altman,
Marc Dionne, linux-afs, David S. Miller, Sasha Levin
From: David Howells <dhowells@redhat.com>
[ Upstream commit 8940ba3cfe4841928777fd45eaa92051522c7f0c ]
Fix accidental overlapping of Rx-phase ACK accounting with Tx-phase ACK
accounting through variables shared between the two. call->acks_* members
refer to ACKs received in the Tx phase and call->ackr_* members to ACKs
sent/to be sent during the Rx phase.
Fixes: 1a2391c30c0b ("rxrpc: Fix detection of out of order acks")
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Jeffrey Altman <jaltman@auristor.com>
cc: Marc Dionne <marc.dionne@auristor.com>
cc: linux-afs@lists.infradead.org
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/rxrpc/ar-internal.h | 7 ++++---
net/rxrpc/input.c | 16 ++++++++--------
2 files changed, 12 insertions(+), 11 deletions(-)
diff --git a/net/rxrpc/ar-internal.h b/net/rxrpc/ar-internal.h
index 3bad9f5f9102..2fc93467780d 100644
--- a/net/rxrpc/ar-internal.h
+++ b/net/rxrpc/ar-internal.h
@@ -659,10 +659,9 @@ struct rxrpc_call {
spinlock_t input_lock; /* Lock for packet input to this call */
- /* receive-phase ACK management */
+ /* Receive-phase ACK management (ACKs we send). */
u8 ackr_reason; /* reason to ACK */
rxrpc_serial_t ackr_serial; /* serial of packet being ACK'd */
- rxrpc_serial_t ackr_first_seq; /* first sequence number received */
rxrpc_seq_t ackr_prev_seq; /* previous sequence number received */
rxrpc_seq_t ackr_consumed; /* Highest packet shown consumed */
rxrpc_seq_t ackr_seen; /* Highest packet shown seen */
@@ -675,8 +674,10 @@ struct rxrpc_call {
#define RXRPC_CALL_RTT_AVAIL_MASK 0xf
#define RXRPC_CALL_RTT_PEND_SHIFT 8
- /* transmission-phase ACK management */
+ /* Transmission-phase ACK management (ACKs we've received). */
ktime_t acks_latest_ts; /* Timestamp of latest ACK received */
+ rxrpc_seq_t acks_first_seq; /* first sequence number received */
+ rxrpc_seq_t acks_prev_seq; /* previous sequence number received */
rxrpc_seq_t acks_lowest_nak; /* Lowest NACK in the buffer (or ==tx_hard_ack) */
rxrpc_seq_t acks_lost_top; /* tx_top at the time lost-ack ping sent */
rxrpc_serial_t acks_lost_ping; /* Serial number of probe ACK */
diff --git a/net/rxrpc/input.c b/net/rxrpc/input.c
index dc201363f2c4..f11673cda217 100644
--- a/net/rxrpc/input.c
+++ b/net/rxrpc/input.c
@@ -812,7 +812,7 @@ static void rxrpc_input_soft_acks(struct rxrpc_call *call, u8 *acks,
static bool rxrpc_is_ack_valid(struct rxrpc_call *call,
rxrpc_seq_t first_pkt, rxrpc_seq_t prev_pkt)
{
- rxrpc_seq_t base = READ_ONCE(call->ackr_first_seq);
+ rxrpc_seq_t base = READ_ONCE(call->acks_first_seq);
if (after(first_pkt, base))
return true; /* The window advanced */
@@ -820,7 +820,7 @@ static bool rxrpc_is_ack_valid(struct rxrpc_call *call,
if (before(first_pkt, base))
return false; /* firstPacket regressed */
- if (after_eq(prev_pkt, call->ackr_prev_seq))
+ if (after_eq(prev_pkt, call->acks_prev_seq))
return true; /* previousPacket hasn't regressed. */
/* Some rx implementations put a serial number in previousPacket. */
@@ -906,8 +906,8 @@ static void rxrpc_input_ack(struct rxrpc_call *call, struct sk_buff *skb)
/* Discard any out-of-order or duplicate ACKs (outside lock). */
if (!rxrpc_is_ack_valid(call, first_soft_ack, prev_pkt)) {
trace_rxrpc_rx_discard_ack(call->debug_id, ack_serial,
- first_soft_ack, call->ackr_first_seq,
- prev_pkt, call->ackr_prev_seq);
+ first_soft_ack, call->acks_first_seq,
+ prev_pkt, call->acks_prev_seq);
return;
}
@@ -922,14 +922,14 @@ static void rxrpc_input_ack(struct rxrpc_call *call, struct sk_buff *skb)
/* Discard any out-of-order or duplicate ACKs (inside lock). */
if (!rxrpc_is_ack_valid(call, first_soft_ack, prev_pkt)) {
trace_rxrpc_rx_discard_ack(call->debug_id, ack_serial,
- first_soft_ack, call->ackr_first_seq,
- prev_pkt, call->ackr_prev_seq);
+ first_soft_ack, call->acks_first_seq,
+ prev_pkt, call->acks_prev_seq);
goto out;
}
call->acks_latest_ts = skb->tstamp;
- call->ackr_first_seq = first_soft_ack;
- call->ackr_prev_seq = prev_pkt;
+ call->acks_first_seq = first_soft_ack;
+ call->acks_prev_seq = prev_pkt;
/* Parse rwind and mtu sizes if provided. */
if (buf.info.rxMTU)
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 253/452] rxrpc: Dont let ack.previousPacket regress
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (251 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 252/452] rxrpc: Fix overlapping ACK accounting Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 254/452] rxrpc: Fix decision on when to generate an IDLE ACK Greg Kroah-Hartman
` (204 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, David Howells, Marc Dionne,
linux-afs, David S. Miller, Sasha Levin
From: David Howells <dhowells@redhat.com>
[ Upstream commit 81524b6312535897707f2942695da1d359a5e56b ]
The previousPacket field in the rx ACK packet should never go backwards -
it's now the highest DATA sequence number received, not the last on
received (it used to be used for out of sequence detection).
Fixes: 248f219cb8bc ("rxrpc: Rewrite the data and ack handling code")
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Marc Dionne <marc.dionne@auristor.com>
cc: linux-afs@lists.infradead.org
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/rxrpc/ar-internal.h | 4 ++--
net/rxrpc/input.c | 4 +++-
net/rxrpc/output.c | 2 +-
3 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/net/rxrpc/ar-internal.h b/net/rxrpc/ar-internal.h
index 2fc93467780d..ed88552c237c 100644
--- a/net/rxrpc/ar-internal.h
+++ b/net/rxrpc/ar-internal.h
@@ -662,7 +662,7 @@ struct rxrpc_call {
/* Receive-phase ACK management (ACKs we send). */
u8 ackr_reason; /* reason to ACK */
rxrpc_serial_t ackr_serial; /* serial of packet being ACK'd */
- rxrpc_seq_t ackr_prev_seq; /* previous sequence number received */
+ rxrpc_seq_t ackr_highest_seq; /* Higest sequence number received */
rxrpc_seq_t ackr_consumed; /* Highest packet shown consumed */
rxrpc_seq_t ackr_seen; /* Highest packet shown seen */
@@ -677,7 +677,7 @@ struct rxrpc_call {
/* Transmission-phase ACK management (ACKs we've received). */
ktime_t acks_latest_ts; /* Timestamp of latest ACK received */
rxrpc_seq_t acks_first_seq; /* first sequence number received */
- rxrpc_seq_t acks_prev_seq; /* previous sequence number received */
+ rxrpc_seq_t acks_prev_seq; /* Highest previousPacket received */
rxrpc_seq_t acks_lowest_nak; /* Lowest NACK in the buffer (or ==tx_hard_ack) */
rxrpc_seq_t acks_lost_top; /* tx_top at the time lost-ack ping sent */
rxrpc_serial_t acks_lost_ping; /* Serial number of probe ACK */
diff --git a/net/rxrpc/input.c b/net/rxrpc/input.c
index f11673cda217..2e61545ad8ca 100644
--- a/net/rxrpc/input.c
+++ b/net/rxrpc/input.c
@@ -453,7 +453,6 @@ static void rxrpc_input_data(struct rxrpc_call *call, struct sk_buff *skb)
!rxrpc_receiving_reply(call))
goto unlock;
- call->ackr_prev_seq = seq0;
hard_ack = READ_ONCE(call->rx_hard_ack);
nr_subpackets = sp->nr_subpackets;
@@ -534,6 +533,9 @@ static void rxrpc_input_data(struct rxrpc_call *call, struct sk_buff *skb)
ack_serial = serial;
}
+ if (after(seq0, call->ackr_highest_seq))
+ call->ackr_highest_seq = seq0;
+
/* Queue the packet. We use a couple of memory barriers here as need
* to make sure that rx_top is perceived to be set after the buffer
* pointer and that the buffer pointer is set after the annotation and
diff --git a/net/rxrpc/output.c b/net/rxrpc/output.c
index a45c83f22236..46aae9b7006f 100644
--- a/net/rxrpc/output.c
+++ b/net/rxrpc/output.c
@@ -89,7 +89,7 @@ static size_t rxrpc_fill_out_ack(struct rxrpc_connection *conn,
pkt->ack.bufferSpace = htons(8);
pkt->ack.maxSkew = htons(0);
pkt->ack.firstPacket = htonl(hard_ack + 1);
- pkt->ack.previousPacket = htonl(call->ackr_prev_seq);
+ pkt->ack.previousPacket = htonl(call->ackr_highest_seq);
pkt->ack.serial = htonl(serial);
pkt->ack.reason = reason;
pkt->ack.nAcks = top - hard_ack;
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 254/452] rxrpc: Fix decision on when to generate an IDLE ACK
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (252 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 253/452] rxrpc: Dont let ack.previousPacket regress Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 255/452] net: huawei: hinic: Use devm_kcalloc() instead of devm_kzalloc() Greg Kroah-Hartman
` (203 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, David Howells, Marc Dionne,
linux-afs, David S. Miller, Sasha Levin
From: David Howells <dhowells@redhat.com>
[ Upstream commit 9a3dedcf18096e8f7f22b8777d78c4acfdea1651 ]
Fix the decision on when to generate an IDLE ACK by keeping a count of the
number of packets we've received, but not yet soft-ACK'd, and the number of
packets we've processed, but not yet hard-ACK'd, rather than trying to keep
track of which DATA sequence numbers correspond to those points.
We then generate an ACK when either counter exceeds 2. The counters are
both cleared when we transcribe the information into any sort of ACK packet
for transmission. IDLE and DELAY ACKs are skipped if both counters are 0
(ie. no change).
Fixes: 805b21b929e2 ("rxrpc: Send an ACK after every few DATA packets we receive")
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Marc Dionne <marc.dionne@auristor.com>
cc: linux-afs@lists.infradead.org
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/trace/events/rxrpc.h | 2 +-
net/rxrpc/ar-internal.h | 4 ++--
net/rxrpc/input.c | 11 +++++++++--
net/rxrpc/output.c | 18 +++++++++++-------
net/rxrpc/recvmsg.c | 8 +++-----
5 files changed, 26 insertions(+), 17 deletions(-)
diff --git a/include/trace/events/rxrpc.h b/include/trace/events/rxrpc.h
index 4a3ab0ed6e06..1c714336b863 100644
--- a/include/trace/events/rxrpc.h
+++ b/include/trace/events/rxrpc.h
@@ -1509,7 +1509,7 @@ TRACE_EVENT(rxrpc_call_reset,
__entry->call_serial = call->rx_serial;
__entry->conn_serial = call->conn->hi_serial;
__entry->tx_seq = call->tx_hard_ack;
- __entry->rx_seq = call->ackr_seen;
+ __entry->rx_seq = call->rx_hard_ack;
),
TP_printk("c=%08x %08x:%08x r=%08x/%08x tx=%08x rx=%08x",
diff --git a/net/rxrpc/ar-internal.h b/net/rxrpc/ar-internal.h
index ed88552c237c..ccb65412b670 100644
--- a/net/rxrpc/ar-internal.h
+++ b/net/rxrpc/ar-internal.h
@@ -663,8 +663,8 @@ struct rxrpc_call {
u8 ackr_reason; /* reason to ACK */
rxrpc_serial_t ackr_serial; /* serial of packet being ACK'd */
rxrpc_seq_t ackr_highest_seq; /* Higest sequence number received */
- rxrpc_seq_t ackr_consumed; /* Highest packet shown consumed */
- rxrpc_seq_t ackr_seen; /* Highest packet shown seen */
+ atomic_t ackr_nr_unacked; /* Number of unacked packets */
+ atomic_t ackr_nr_consumed; /* Number of packets needing hard ACK */
/* RTT management */
rxrpc_serial_t rtt_serial[4]; /* Serial number of DATA or PING sent */
diff --git a/net/rxrpc/input.c b/net/rxrpc/input.c
index 2e61545ad8ca..1145cb14d86f 100644
--- a/net/rxrpc/input.c
+++ b/net/rxrpc/input.c
@@ -412,8 +412,8 @@ static void rxrpc_input_data(struct rxrpc_call *call, struct sk_buff *skb)
{
struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
enum rxrpc_call_state state;
- unsigned int j, nr_subpackets;
- rxrpc_serial_t serial = sp->hdr.serial, ack_serial = 0;
+ unsigned int j, nr_subpackets, nr_unacked = 0;
+ rxrpc_serial_t serial = sp->hdr.serial, ack_serial = serial;
rxrpc_seq_t seq0 = sp->hdr.seq, hard_ack;
bool immediate_ack = false, jumbo_bad = false;
u8 ack = 0;
@@ -569,6 +569,8 @@ static void rxrpc_input_data(struct rxrpc_call *call, struct sk_buff *skb)
sp = NULL;
}
+ nr_unacked++;
+
if (last) {
set_bit(RXRPC_CALL_RX_LAST, &call->flags);
if (!ack) {
@@ -588,9 +590,14 @@ static void rxrpc_input_data(struct rxrpc_call *call, struct sk_buff *skb)
}
call->rx_expect_next = seq + 1;
}
+ if (!ack)
+ ack_serial = serial;
}
ack:
+ if (atomic_add_return(nr_unacked, &call->ackr_nr_unacked) > 2 && !ack)
+ ack = RXRPC_ACK_IDLE;
+
if (ack)
rxrpc_propose_ACK(call, ack, ack_serial,
immediate_ack, true,
diff --git a/net/rxrpc/output.c b/net/rxrpc/output.c
index 46aae9b7006f..9683617db704 100644
--- a/net/rxrpc/output.c
+++ b/net/rxrpc/output.c
@@ -74,11 +74,18 @@ static size_t rxrpc_fill_out_ack(struct rxrpc_connection *conn,
u8 reason)
{
rxrpc_serial_t serial;
+ unsigned int tmp;
rxrpc_seq_t hard_ack, top, seq;
int ix;
u32 mtu, jmax;
u8 *ackp = pkt->acks;
+ tmp = atomic_xchg(&call->ackr_nr_unacked, 0);
+ tmp |= atomic_xchg(&call->ackr_nr_consumed, 0);
+ if (!tmp && (reason == RXRPC_ACK_DELAY ||
+ reason == RXRPC_ACK_IDLE))
+ return 0;
+
/* Barrier against rxrpc_input_data(). */
serial = call->ackr_serial;
hard_ack = READ_ONCE(call->rx_hard_ack);
@@ -223,6 +230,10 @@ int rxrpc_send_ack_packet(struct rxrpc_call *call, bool ping,
n = rxrpc_fill_out_ack(conn, call, pkt, &hard_ack, &top, reason);
spin_unlock_bh(&call->lock);
+ if (n == 0) {
+ kfree(pkt);
+ return 0;
+ }
iov[0].iov_base = pkt;
iov[0].iov_len = sizeof(pkt->whdr) + sizeof(pkt->ack) + n;
@@ -259,13 +270,6 @@ int rxrpc_send_ack_packet(struct rxrpc_call *call, bool ping,
ntohl(pkt->ack.serial),
false, true,
rxrpc_propose_ack_retry_tx);
- } else {
- spin_lock_bh(&call->lock);
- if (after(hard_ack, call->ackr_consumed))
- call->ackr_consumed = hard_ack;
- if (after(top, call->ackr_seen))
- call->ackr_seen = top;
- spin_unlock_bh(&call->lock);
}
rxrpc_set_keepalive(call);
diff --git a/net/rxrpc/recvmsg.c b/net/rxrpc/recvmsg.c
index 2c842851d72e..787826773937 100644
--- a/net/rxrpc/recvmsg.c
+++ b/net/rxrpc/recvmsg.c
@@ -260,11 +260,9 @@ static void rxrpc_rotate_rx_window(struct rxrpc_call *call)
rxrpc_end_rx_phase(call, serial);
} else {
/* Check to see if there's an ACK that needs sending. */
- if (after_eq(hard_ack, call->ackr_consumed + 2) ||
- after_eq(top, call->ackr_seen + 2) ||
- (hard_ack == top && after(hard_ack, call->ackr_consumed)))
- rxrpc_propose_ACK(call, RXRPC_ACK_DELAY, serial,
- true, true,
+ if (atomic_inc_return(&call->ackr_nr_consumed) > 2)
+ rxrpc_propose_ACK(call, RXRPC_ACK_IDLE, serial,
+ true, false,
rxrpc_propose_ack_rotate_rx);
if (call->ackr_reason && call->ackr_reason != RXRPC_ACK_DELAY)
rxrpc_send_ack_packet(call, false, NULL);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 255/452] net: huawei: hinic: Use devm_kcalloc() instead of devm_kzalloc()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (253 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 254/452] rxrpc: Fix decision on when to generate an IDLE ACK Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 256/452] hinic: Avoid some over memory allocation Greg Kroah-Hartman
` (202 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Gustavo A. R. Silva, Kees Cook,
Jakub Kicinski, Sasha Levin
From: Gustavo A. R. Silva <gustavoars@kernel.org>
[ Upstream commit 9d922f5df53844228b9f7c62f2593f4f06c0b69b ]
Use 2-factor multiplication argument form devm_kcalloc() instead
of devm_kzalloc().
Link: https://github.com/KSPP/linux/issues/162
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20211208040311.GA169838@embeddedor
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../ethernet/huawei/hinic/hinic_hw_api_cmd.c | 5 ++--
.../net/ethernet/huawei/hinic/hinic_hw_cmdq.c | 10 ++++----
.../net/ethernet/huawei/hinic/hinic_hw_dev.c | 5 ++--
.../net/ethernet/huawei/hinic/hinic_hw_eqs.c | 9 ++++----
.../net/ethernet/huawei/hinic/hinic_hw_wq.c | 23 +++++++++----------
.../net/ethernet/huawei/hinic/hinic_main.c | 10 ++++----
drivers/net/ethernet/huawei/hinic/hinic_tx.c | 9 ++++----
7 files changed, 31 insertions(+), 40 deletions(-)
diff --git a/drivers/net/ethernet/huawei/hinic/hinic_hw_api_cmd.c b/drivers/net/ethernet/huawei/hinic/hinic_hw_api_cmd.c
index 4e4029d5c8e1..9553d280ec1b 100644
--- a/drivers/net/ethernet/huawei/hinic/hinic_hw_api_cmd.c
+++ b/drivers/net/ethernet/huawei/hinic/hinic_hw_api_cmd.c
@@ -818,7 +818,6 @@ static int api_chain_init(struct hinic_api_cmd_chain *chain,
{
struct hinic_hwif *hwif = attr->hwif;
struct pci_dev *pdev = hwif->pdev;
- size_t cell_ctxt_size;
chain->hwif = hwif;
chain->chain_type = attr->chain_type;
@@ -830,8 +829,8 @@ static int api_chain_init(struct hinic_api_cmd_chain *chain,
sema_init(&chain->sem, 1);
- cell_ctxt_size = chain->num_cells * sizeof(*chain->cell_ctxt);
- chain->cell_ctxt = devm_kzalloc(&pdev->dev, cell_ctxt_size, GFP_KERNEL);
+ chain->cell_ctxt = devm_kcalloc(&pdev->dev, chain->num_cells,
+ sizeof(*chain->cell_ctxt), GFP_KERNEL);
if (!chain->cell_ctxt)
return -ENOMEM;
diff --git a/drivers/net/ethernet/huawei/hinic/hinic_hw_cmdq.c b/drivers/net/ethernet/huawei/hinic/hinic_hw_cmdq.c
index 5a6bbee819cd..21b8235952d3 100644
--- a/drivers/net/ethernet/huawei/hinic/hinic_hw_cmdq.c
+++ b/drivers/net/ethernet/huawei/hinic/hinic_hw_cmdq.c
@@ -796,11 +796,10 @@ static int init_cmdqs_ctxt(struct hinic_hwdev *hwdev,
struct hinic_cmdq_ctxt *cmdq_ctxts;
struct pci_dev *pdev = hwif->pdev;
struct hinic_pfhwdev *pfhwdev;
- size_t cmdq_ctxts_size;
int err;
- cmdq_ctxts_size = HINIC_MAX_CMDQ_TYPES * sizeof(*cmdq_ctxts);
- cmdq_ctxts = devm_kzalloc(&pdev->dev, cmdq_ctxts_size, GFP_KERNEL);
+ cmdq_ctxts = devm_kcalloc(&pdev->dev, HINIC_MAX_CMDQ_TYPES,
+ sizeof(*cmdq_ctxts), GFP_KERNEL);
if (!cmdq_ctxts)
return -ENOMEM;
@@ -884,7 +883,6 @@ int hinic_init_cmdqs(struct hinic_cmdqs *cmdqs, struct hinic_hwif *hwif,
struct hinic_func_to_io *func_to_io = cmdqs_to_func_to_io(cmdqs);
struct pci_dev *pdev = hwif->pdev;
struct hinic_hwdev *hwdev;
- size_t saved_wqs_size;
u16 max_wqe_size;
int err;
@@ -895,8 +893,8 @@ int hinic_init_cmdqs(struct hinic_cmdqs *cmdqs, struct hinic_hwif *hwif,
if (!cmdqs->cmdq_buf_pool)
return -ENOMEM;
- saved_wqs_size = HINIC_MAX_CMDQ_TYPES * sizeof(struct hinic_wq);
- cmdqs->saved_wqs = devm_kzalloc(&pdev->dev, saved_wqs_size, GFP_KERNEL);
+ cmdqs->saved_wqs = devm_kcalloc(&pdev->dev, HINIC_MAX_CMDQ_TYPES,
+ sizeof(*cmdqs->saved_wqs), GFP_KERNEL);
if (!cmdqs->saved_wqs) {
err = -ENOMEM;
goto err_saved_wqs;
diff --git a/drivers/net/ethernet/huawei/hinic/hinic_hw_dev.c b/drivers/net/ethernet/huawei/hinic/hinic_hw_dev.c
index 0c74f6674634..799b85c88eff 100644
--- a/drivers/net/ethernet/huawei/hinic/hinic_hw_dev.c
+++ b/drivers/net/ethernet/huawei/hinic/hinic_hw_dev.c
@@ -162,7 +162,6 @@ static int init_msix(struct hinic_hwdev *hwdev)
struct hinic_hwif *hwif = hwdev->hwif;
struct pci_dev *pdev = hwif->pdev;
int nr_irqs, num_aeqs, num_ceqs;
- size_t msix_entries_size;
int i, err;
num_aeqs = HINIC_HWIF_NUM_AEQS(hwif);
@@ -171,8 +170,8 @@ static int init_msix(struct hinic_hwdev *hwdev)
if (nr_irqs > HINIC_HWIF_NUM_IRQS(hwif))
nr_irqs = HINIC_HWIF_NUM_IRQS(hwif);
- msix_entries_size = nr_irqs * sizeof(*hwdev->msix_entries);
- hwdev->msix_entries = devm_kzalloc(&pdev->dev, msix_entries_size,
+ hwdev->msix_entries = devm_kcalloc(&pdev->dev, nr_irqs,
+ sizeof(*hwdev->msix_entries),
GFP_KERNEL);
if (!hwdev->msix_entries)
return -ENOMEM;
diff --git a/drivers/net/ethernet/huawei/hinic/hinic_hw_eqs.c b/drivers/net/ethernet/huawei/hinic/hinic_hw_eqs.c
index 19942fef99d9..7396158df64f 100644
--- a/drivers/net/ethernet/huawei/hinic/hinic_hw_eqs.c
+++ b/drivers/net/ethernet/huawei/hinic/hinic_hw_eqs.c
@@ -631,16 +631,15 @@ static int alloc_eq_pages(struct hinic_eq *eq)
struct hinic_hwif *hwif = eq->hwif;
struct pci_dev *pdev = hwif->pdev;
u32 init_val, addr, val;
- size_t addr_size;
int err, pg;
- addr_size = eq->num_pages * sizeof(*eq->dma_addr);
- eq->dma_addr = devm_kzalloc(&pdev->dev, addr_size, GFP_KERNEL);
+ eq->dma_addr = devm_kcalloc(&pdev->dev, eq->num_pages,
+ sizeof(*eq->dma_addr), GFP_KERNEL);
if (!eq->dma_addr)
return -ENOMEM;
- addr_size = eq->num_pages * sizeof(*eq->virt_addr);
- eq->virt_addr = devm_kzalloc(&pdev->dev, addr_size, GFP_KERNEL);
+ eq->virt_addr = devm_kcalloc(&pdev->dev, eq->num_pages,
+ sizeof(*eq->virt_addr), GFP_KERNEL);
if (!eq->virt_addr) {
err = -ENOMEM;
goto err_virt_addr_alloc;
diff --git a/drivers/net/ethernet/huawei/hinic/hinic_hw_wq.c b/drivers/net/ethernet/huawei/hinic/hinic_hw_wq.c
index f04ac00e3e70..1932e07e97e0 100644
--- a/drivers/net/ethernet/huawei/hinic/hinic_hw_wq.c
+++ b/drivers/net/ethernet/huawei/hinic/hinic_hw_wq.c
@@ -192,20 +192,20 @@ static int alloc_page_arrays(struct hinic_wqs *wqs)
{
struct hinic_hwif *hwif = wqs->hwif;
struct pci_dev *pdev = hwif->pdev;
- size_t size;
- size = wqs->num_pages * sizeof(*wqs->page_paddr);
- wqs->page_paddr = devm_kzalloc(&pdev->dev, size, GFP_KERNEL);
+ wqs->page_paddr = devm_kcalloc(&pdev->dev, wqs->num_pages,
+ sizeof(*wqs->page_paddr), GFP_KERNEL);
if (!wqs->page_paddr)
return -ENOMEM;
- size = wqs->num_pages * sizeof(*wqs->page_vaddr);
- wqs->page_vaddr = devm_kzalloc(&pdev->dev, size, GFP_KERNEL);
+ wqs->page_vaddr = devm_kcalloc(&pdev->dev, wqs->num_pages,
+ sizeof(*wqs->page_vaddr), GFP_KERNEL);
if (!wqs->page_vaddr)
goto err_page_vaddr;
- size = wqs->num_pages * sizeof(*wqs->shadow_page_vaddr);
- wqs->shadow_page_vaddr = devm_kzalloc(&pdev->dev, size, GFP_KERNEL);
+ wqs->shadow_page_vaddr = devm_kcalloc(&pdev->dev, wqs->num_pages,
+ sizeof(*wqs->shadow_page_vaddr),
+ GFP_KERNEL);
if (!wqs->shadow_page_vaddr)
goto err_page_shadow_vaddr;
@@ -378,15 +378,14 @@ static int alloc_wqes_shadow(struct hinic_wq *wq)
{
struct hinic_hwif *hwif = wq->hwif;
struct pci_dev *pdev = hwif->pdev;
- size_t size;
- size = wq->num_q_pages * wq->max_wqe_size;
- wq->shadow_wqe = devm_kzalloc(&pdev->dev, size, GFP_KERNEL);
+ wq->shadow_wqe = devm_kcalloc(&pdev->dev, wq->num_q_pages,
+ wq->max_wqe_size, GFP_KERNEL);
if (!wq->shadow_wqe)
return -ENOMEM;
- size = wq->num_q_pages * sizeof(wq->prod_idx);
- wq->shadow_idx = devm_kzalloc(&pdev->dev, size, GFP_KERNEL);
+ wq->shadow_idx = devm_kcalloc(&pdev->dev, wq->num_q_pages,
+ sizeof(wq->prod_idx), GFP_KERNEL);
if (!wq->shadow_idx)
goto err_shadow_idx;
diff --git a/drivers/net/ethernet/huawei/hinic/hinic_main.c b/drivers/net/ethernet/huawei/hinic/hinic_main.c
index 350225bbe0be..ace949fe6233 100644
--- a/drivers/net/ethernet/huawei/hinic/hinic_main.c
+++ b/drivers/net/ethernet/huawei/hinic/hinic_main.c
@@ -144,13 +144,12 @@ static int create_txqs(struct hinic_dev *nic_dev)
{
int err, i, j, num_txqs = hinic_hwdev_num_qps(nic_dev->hwdev);
struct net_device *netdev = nic_dev->netdev;
- size_t txq_size;
if (nic_dev->txqs)
return -EINVAL;
- txq_size = num_txqs * sizeof(*nic_dev->txqs);
- nic_dev->txqs = devm_kzalloc(&netdev->dev, txq_size, GFP_KERNEL);
+ nic_dev->txqs = devm_kcalloc(&netdev->dev, num_txqs,
+ sizeof(*nic_dev->txqs), GFP_KERNEL);
if (!nic_dev->txqs)
return -ENOMEM;
@@ -242,13 +241,12 @@ static int create_rxqs(struct hinic_dev *nic_dev)
{
int err, i, j, num_rxqs = hinic_hwdev_num_qps(nic_dev->hwdev);
struct net_device *netdev = nic_dev->netdev;
- size_t rxq_size;
if (nic_dev->rxqs)
return -EINVAL;
- rxq_size = num_rxqs * sizeof(*nic_dev->rxqs);
- nic_dev->rxqs = devm_kzalloc(&netdev->dev, rxq_size, GFP_KERNEL);
+ nic_dev->rxqs = devm_kcalloc(&netdev->dev, num_rxqs,
+ sizeof(*nic_dev->rxqs), GFP_KERNEL);
if (!nic_dev->rxqs)
return -ENOMEM;
diff --git a/drivers/net/ethernet/huawei/hinic/hinic_tx.c b/drivers/net/ethernet/huawei/hinic/hinic_tx.c
index 8da7d46363b2..3828b09bfea3 100644
--- a/drivers/net/ethernet/huawei/hinic/hinic_tx.c
+++ b/drivers/net/ethernet/huawei/hinic/hinic_tx.c
@@ -861,7 +861,6 @@ int hinic_init_txq(struct hinic_txq *txq, struct hinic_sq *sq,
struct hinic_dev *nic_dev = netdev_priv(netdev);
struct hinic_hwdev *hwdev = nic_dev->hwdev;
int err, irqname_len;
- size_t sges_size;
txq->netdev = netdev;
txq->sq = sq;
@@ -870,13 +869,13 @@ int hinic_init_txq(struct hinic_txq *txq, struct hinic_sq *sq,
txq->max_sges = HINIC_MAX_SQ_BUFDESCS;
- sges_size = txq->max_sges * sizeof(*txq->sges);
- txq->sges = devm_kzalloc(&netdev->dev, sges_size, GFP_KERNEL);
+ txq->sges = devm_kcalloc(&netdev->dev, txq->max_sges,
+ sizeof(*txq->sges), GFP_KERNEL);
if (!txq->sges)
return -ENOMEM;
- sges_size = txq->max_sges * sizeof(*txq->free_sges);
- txq->free_sges = devm_kzalloc(&netdev->dev, sges_size, GFP_KERNEL);
+ txq->free_sges = devm_kcalloc(&netdev->dev, txq->max_sges,
+ sizeof(*txq->free_sges), GFP_KERNEL);
if (!txq->free_sges) {
err = -ENOMEM;
goto err_alloc_free_sges;
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 256/452] hinic: Avoid some over memory allocation
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (254 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 255/452] net: huawei: hinic: Use devm_kcalloc() instead of devm_kzalloc() Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 257/452] net/smc: postpone sk_refcnt increment in connect() Greg Kroah-Hartman
` (201 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe JAILLET, David S. Miller,
Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit 15d221d0c345b76947911a3ac91897ffe2f1cc4e ]
'prod_idx' (atomic_t) is larger than 'shadow_idx' (u16), so some memory is
over-allocated.
Fixes: b15a9f37be2b ("net-next/hinic: Add wq")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/huawei/hinic/hinic_hw_wq.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/huawei/hinic/hinic_hw_wq.c b/drivers/net/ethernet/huawei/hinic/hinic_hw_wq.c
index 1932e07e97e0..f930cd6a75f7 100644
--- a/drivers/net/ethernet/huawei/hinic/hinic_hw_wq.c
+++ b/drivers/net/ethernet/huawei/hinic/hinic_hw_wq.c
@@ -385,7 +385,7 @@ static int alloc_wqes_shadow(struct hinic_wq *wq)
return -ENOMEM;
wq->shadow_idx = devm_kcalloc(&pdev->dev, wq->num_q_pages,
- sizeof(wq->prod_idx), GFP_KERNEL);
+ sizeof(*wq->shadow_idx), GFP_KERNEL);
if (!wq->shadow_idx)
goto err_shadow_idx;
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 257/452] net/smc: postpone sk_refcnt increment in connect()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (255 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 256/452] hinic: Avoid some over memory allocation Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 258/452] arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 Greg Kroah-Hartman
` (200 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, liuyacan, David S. Miller, Sasha Levin
From: liuyacan <liuyacan@corp.netease.com>
[ Upstream commit 75c1edf23b95a9c66923d9269d8e86e4dbde151f ]
Same trigger condition as commit 86434744. When setsockopt runs
in parallel to a connect(), and switch the socket into fallback
mode. Then the sk_refcnt is incremented in smc_connect(), but
its state stay in SMC_INIT (NOT SMC_ACTIVE). This cause the
corresponding sk_refcnt decrement in __smc_release() will not be
performed.
Fixes: 86434744fedf ("net/smc: add fallback check to connect()")
Signed-off-by: liuyacan <liuyacan@corp.netease.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/smc/af_smc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/smc/af_smc.c b/net/smc/af_smc.c
index 35db3260e8d5..5d7710dd9514 100644
--- a/net/smc/af_smc.c
+++ b/net/smc/af_smc.c
@@ -1118,9 +1118,9 @@ static int smc_connect(struct socket *sock, struct sockaddr *addr,
if (rc && rc != -EINPROGRESS)
goto out;
- sock_hold(&smc->sk); /* sock put in passive closing */
if (smc->use_fallback)
goto out;
+ sock_hold(&smc->sk); /* sock put in passive closing */
if (flags & O_NONBLOCK) {
if (queue_work(smc_hs_wq, &smc->connect_work))
smc->connect_nonblock = 1;
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 258/452] arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (256 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 257/452] net/smc: postpone sk_refcnt increment in connect() Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 259/452] memory: samsung: exynos5422-dmc: Avoid some over memory allocation Greg Kroah-Hartman
` (199 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Shawn Lin, Heiko Stuebner, Sasha Levin
From: Shawn Lin <shawn.lin@rock-chips.com>
[ Upstream commit 4246d0bab2a8685e3d4aec2cb0ef8c526689ce96 ]
drive-impedance-ohm is introduced for emmc phy instead of pcie phy.
Fixes: fb8b7460c995 ("arm64: dts: rockchip: Define drive-impedance-ohm for RK3399's emmc-phy.")
Signed-off-by: Shawn Lin <shawn.lin@rock-chips.com>
Link: https://lore.kernel.org/r/1647336426-154797-1-git-send-email-shawn.lin@rock-chips.com
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/rockchip/rk3399.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/rockchip/rk3399.dtsi b/arch/arm64/boot/dts/rockchip/rk3399.dtsi
index 52ba4d07e771..c5f3d4f8f4d2 100644
--- a/arch/arm64/boot/dts/rockchip/rk3399.dtsi
+++ b/arch/arm64/boot/dts/rockchip/rk3399.dtsi
@@ -1471,6 +1471,7 @@
reg = <0xf780 0x24>;
clocks = <&sdhci>;
clock-names = "emmcclk";
+ drive-impedance-ohm = <50>;
#phy-cells = <0>;
status = "disabled";
};
@@ -1481,7 +1482,6 @@
clock-names = "refclk";
#phy-cells = <1>;
resets = <&cru SRST_PCIEPHY>;
- drive-impedance-ohm = <50>;
reset-names = "phy";
status = "disabled";
};
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 259/452] memory: samsung: exynos5422-dmc: Avoid some over memory allocation
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (257 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 258/452] arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 260/452] ARM: dts: suniv: F1C100: fix watchdog compatible Greg Kroah-Hartman
` (198 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe JAILLET,
Krzysztof Kozlowski, Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit 56653827f0d7bc7c2d8bac0e119fd1521fa9990a ]
'dmc->counter' is a 'struct devfreq_event_dev **', so there is some
over memory allocation. 'counters_size' should be computed with
'sizeof(struct devfreq_event_dev *)'.
Use 'sizeof(*dmc->counter)' instead to fix it.
While at it, use devm_kcalloc() instead of devm_kzalloc()+open coded
multiplication.
Fixes: 6e7674c3c6df ("memory: Add DMC driver for Exynos5422")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Link: https://lore.kernel.org/r/69d7e69346986e2fdb994d4382954c932f9f0993.1647760213.git.christophe.jaillet@wanadoo.fr
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/memory/samsung/exynos5422-dmc.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/drivers/memory/samsung/exynos5422-dmc.c b/drivers/memory/samsung/exynos5422-dmc.c
index 3d230f07eaf2..049a1356f7dd 100644
--- a/drivers/memory/samsung/exynos5422-dmc.c
+++ b/drivers/memory/samsung/exynos5422-dmc.c
@@ -1327,7 +1327,6 @@ static int exynos5_dmc_init_clks(struct exynos5_dmc *dmc)
*/
static int exynos5_performance_counters_init(struct exynos5_dmc *dmc)
{
- int counters_size;
int ret, i;
dmc->num_counters = devfreq_event_get_edev_count(dmc->dev,
@@ -1337,8 +1336,8 @@ static int exynos5_performance_counters_init(struct exynos5_dmc *dmc)
return dmc->num_counters;
}
- counters_size = sizeof(struct devfreq_event_dev) * dmc->num_counters;
- dmc->counter = devm_kzalloc(dmc->dev, counters_size, GFP_KERNEL);
+ dmc->counter = devm_kcalloc(dmc->dev, dmc->num_counters,
+ sizeof(*dmc->counter), GFP_KERNEL);
if (!dmc->counter)
return -ENOMEM;
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 260/452] ARM: dts: suniv: F1C100: fix watchdog compatible
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (258 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 259/452] memory: samsung: exynos5422-dmc: Avoid some over memory allocation Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 261/452] soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc Greg Kroah-Hartman
` (197 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andre Przywara, Guenter Roeck,
Jernej Skrabec, Sasha Levin
From: Andre Przywara <andre.przywara@arm.com>
[ Upstream commit 01a850ee61cbf0ab77dcbf26bb133fec2dd640d6 ]
The F1C100 series of SoCs actually have their watchdog IP being
compatible with the newer Allwinner generation, not the older one.
The currently described sun4i-a10-wdt actually does not work, neither
the watchdog functionality (just never fires), nor the reset part
(reboot hangs).
Replace the compatible string with the one used by the newer generation.
Verified to work with both the watchdog and reboot functionality on a
LicheePi Nano.
Also add the missing interrupt line and clock source, to make it binding
compliant.
Fixes: 4ba16d17efdd ("ARM: dts: suniv: add initial DTSI file for F1C100s")
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Acked-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Jernej Skrabec <jernej.skrabec@gmail.com>
Link: https://lore.kernel.org/r/20220317162349.739636-4-andre.przywara@arm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/suniv-f1c100s.dtsi | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/arch/arm/boot/dts/suniv-f1c100s.dtsi b/arch/arm/boot/dts/suniv-f1c100s.dtsi
index 6100d3b75f61..def830101448 100644
--- a/arch/arm/boot/dts/suniv-f1c100s.dtsi
+++ b/arch/arm/boot/dts/suniv-f1c100s.dtsi
@@ -104,8 +104,10 @@
wdt: watchdog@1c20ca0 {
compatible = "allwinner,suniv-f1c100s-wdt",
- "allwinner,sun4i-a10-wdt";
+ "allwinner,sun6i-a31-wdt";
reg = <0x01c20ca0 0x20>;
+ interrupts = <16>;
+ clocks = <&osc32k>;
};
uart0: serial@1c25000 {
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 261/452] soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (259 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 260/452] ARM: dts: suniv: F1C100: fix watchdog compatible Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 262/452] soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc Greg Kroah-Hartman
` (196 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Bjorn Andersson, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 8fd3f18ea31a398ecce4a6d3804433658678b0a3 ]
The device_node pointer is returned by of_parse_phandle() with refcount
incremented. We should use of_node_put() on it when done.
Fixes: 50e99641413e ("soc: qcom: smp2p: Qualcomm Shared Memory Point to Point")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/20220308071942.22942-1-linmq006@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/soc/qcom/smp2p.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/soc/qcom/smp2p.c b/drivers/soc/qcom/smp2p.c
index a9709aae54ab..fb76c8bc3c64 100644
--- a/drivers/soc/qcom/smp2p.c
+++ b/drivers/soc/qcom/smp2p.c
@@ -420,6 +420,7 @@ static int smp2p_parse_ipc(struct qcom_smp2p *smp2p)
}
smp2p->ipc_regmap = syscon_node_to_regmap(syscon);
+ of_node_put(syscon);
if (IS_ERR(smp2p->ipc_regmap))
return PTR_ERR(smp2p->ipc_regmap);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 262/452] soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (260 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 261/452] soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc Greg Kroah-Hartman
@ 2022-06-07 17:01 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 263/452] PCI: cadence: Fix find_first_zero_bit() limit Greg Kroah-Hartman
` (195 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:01 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Bjorn Andersson, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit aad66a3c78da668f4506356c2fdb70b7a19ecc76 ]
The device_node pointer is returned by of_parse_phandle() with refcount
incremented. We should use of_node_put() on it when done.
Fixes: c97c4090ff72 ("soc: qcom: smsm: Add driver for Qualcomm SMSM")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/20220308073648.24634-1-linmq006@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/soc/qcom/smsm.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/soc/qcom/smsm.c b/drivers/soc/qcom/smsm.c
index c428d0f78816..6564f15c5319 100644
--- a/drivers/soc/qcom/smsm.c
+++ b/drivers/soc/qcom/smsm.c
@@ -359,6 +359,7 @@ static int smsm_parse_ipc(struct qcom_smsm *smsm, unsigned host_id)
return 0;
host->ipc_regmap = syscon_node_to_regmap(syscon);
+ of_node_put(syscon);
if (IS_ERR(host->ipc_regmap))
return PTR_ERR(host->ipc_regmap);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 263/452] PCI: cadence: Fix find_first_zero_bit() limit
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (261 preceding siblings ...)
2022-06-07 17:01 ` [PATCH 5.10 262/452] soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 264/452] PCI: rockchip: " Greg Kroah-Hartman
` (194 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Lorenzo Pieralisi,
Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit 0aa3a0937feeb91a0e4e438c3c063b749b194192 ]
The ep->ob_region_map bitmap is a long and it has BITS_PER_LONG bits.
Link: https://lore.kernel.org/r/20220315065829.GA13572@kili
Fixes: 37dddf14f1ae ("PCI: cadence: Add EndPoint Controller driver for Cadence PCIe controller")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/controller/cadence/pcie-cadence-ep.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/pci/controller/cadence/pcie-cadence-ep.c b/drivers/pci/controller/cadence/pcie-cadence-ep.c
index 1af14474abcf..4c5e6349d78c 100644
--- a/drivers/pci/controller/cadence/pcie-cadence-ep.c
+++ b/drivers/pci/controller/cadence/pcie-cadence-ep.c
@@ -154,8 +154,7 @@ static int cdns_pcie_ep_map_addr(struct pci_epc *epc, u8 fn, phys_addr_t addr,
struct cdns_pcie *pcie = &ep->pcie;
u32 r;
- r = find_first_zero_bit(&ep->ob_region_map,
- sizeof(ep->ob_region_map) * BITS_PER_LONG);
+ r = find_first_zero_bit(&ep->ob_region_map, BITS_PER_LONG);
if (r >= ep->max_regions - 1) {
dev_err(&epc->dev, "no free outbound region\n");
return -EINVAL;
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 264/452] PCI: rockchip: Fix find_first_zero_bit() limit
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (262 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 263/452] PCI: cadence: Fix find_first_zero_bit() limit Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 265/452] PCI: dwc: Fix setting error return on MSI DMA mapping failure Greg Kroah-Hartman
` (193 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Lorenzo Pieralisi,
Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit 096950e230b8d83645c7cf408b9f399f58c08b96 ]
The ep->ob_region_map bitmap is a long and it has BITS_PER_LONG bits.
Link: https://lore.kernel.org/r/20220315065944.GB13572@kili
Fixes: cf590b078391 ("PCI: rockchip: Add EP driver for Rockchip PCIe controller")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/controller/pcie-rockchip-ep.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/pci/controller/pcie-rockchip-ep.c b/drivers/pci/controller/pcie-rockchip-ep.c
index 7631dc3961c1..379cde59988c 100644
--- a/drivers/pci/controller/pcie-rockchip-ep.c
+++ b/drivers/pci/controller/pcie-rockchip-ep.c
@@ -264,8 +264,7 @@ static int rockchip_pcie_ep_map_addr(struct pci_epc *epc, u8 fn,
struct rockchip_pcie *pcie = &ep->rockchip;
u32 r;
- r = find_first_zero_bit(&ep->ob_region_map,
- sizeof(ep->ob_region_map) * BITS_PER_LONG);
+ r = find_first_zero_bit(&ep->ob_region_map, BITS_PER_LONG);
/*
* Region 0 is reserved for configuration space and shouldn't
* be used elsewhere per TRM, so leave it out.
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 265/452] PCI: dwc: Fix setting error return on MSI DMA mapping failure
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (263 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 264/452] PCI: rockchip: " Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 266/452] ARM: dts: ci4x10: Adapt to changes in imx6qdl.dtsi regarding fec clocks Greg Kroah-Hartman
` (192 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jianrong Zhang, Jiantao Zhang,
Lorenzo Pieralisi, Rob Herring, Sasha Levin
From: Jiantao Zhang <water.zhangjiantao@huawei.com>
[ Upstream commit 88557685cd72cf0db686a4ebff3fad4365cb6071 ]
When dma_mapping_error() returns error because of no enough memory,
but dw_pcie_host_init() returns success, which will mislead the callers.
Link: https://lore.kernel.org/r/30170911-0e2f-98ce-9266-70465b9073e5@huawei.com
Fixes: 07940c369a6b ("PCI: dwc: Fix MSI page leakage in suspend/resume")
Signed-off-by: Jianrong Zhang <zhangjianrong5@huawei.com>
Signed-off-by: Jiantao Zhang <water.zhangjiantao@huawei.com>
Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Reviewed-by: Rob Herring <robh@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/controller/dwc/pcie-designware-host.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/pci/controller/dwc/pcie-designware-host.c b/drivers/pci/controller/dwc/pcie-designware-host.c
index 44c2a6572199..42d8116a4a00 100644
--- a/drivers/pci/controller/dwc/pcie-designware-host.c
+++ b/drivers/pci/controller/dwc/pcie-designware-host.c
@@ -392,7 +392,8 @@ int dw_pcie_host_init(struct pcie_port *pp)
sizeof(pp->msi_msg),
DMA_FROM_DEVICE,
DMA_ATTR_SKIP_CPU_SYNC);
- if (dma_mapping_error(pci->dev, pp->msi_data)) {
+ ret = dma_mapping_error(pci->dev, pp->msi_data);
+ if (ret) {
dev_err(pci->dev, "Failed to map MSI data\n");
pp->msi_data = 0;
goto err_free_msi;
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 266/452] ARM: dts: ci4x10: Adapt to changes in imx6qdl.dtsi regarding fec clocks
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (264 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 265/452] PCI: dwc: Fix setting error return on MSI DMA mapping failure Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 267/452] soc: qcom: llcc: Add MODULE_DEVICE_TABLE() Greg Kroah-Hartman
` (191 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thorsten Scherer,
Uwe Kleine-König, Shawn Guo, Sasha Levin
From: Thorsten Scherer <t.scherer@eckelmann.de>
[ Upstream commit 3d397a1277853498e8b7b305f2610881357c033f ]
Commit f3e7dae323ab ("ARM: dts: imx6qdl: add enet_out clk
support") added another item to the list of clocks for the fec
device. As imx6dl-eckelmann-ci4x10.dts only overwrites clocks,
but not clock-names this resulted in an inconsistency with
clocks having one item more than clock-names.
Also overwrite clock-names with the same value as in
imx6qdl.dtsi. This is a no-op today, but prevents similar
inconsistencies if the soc file will be changed in a similar way
in the future.
Signed-off-by: Thorsten Scherer <t.scherer@eckelmann.de>
Reviewed-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Fixes: f3e7dae323ab ("ARM: dts: imx6qdl: add enet_out clk support")
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/imx6dl-eckelmann-ci4x10.dts | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/arch/arm/boot/dts/imx6dl-eckelmann-ci4x10.dts b/arch/arm/boot/dts/imx6dl-eckelmann-ci4x10.dts
index b4a9523e325b..864dc5018451 100644
--- a/arch/arm/boot/dts/imx6dl-eckelmann-ci4x10.dts
+++ b/arch/arm/boot/dts/imx6dl-eckelmann-ci4x10.dts
@@ -297,7 +297,11 @@
phy-mode = "rmii";
phy-reset-gpios = <&gpio1 18 GPIO_ACTIVE_LOW>;
phy-handle = <&phy>;
- clocks = <&clks IMX6QDL_CLK_ENET>, <&clks IMX6QDL_CLK_ENET>, <&rmii_clk>;
+ clocks = <&clks IMX6QDL_CLK_ENET>,
+ <&clks IMX6QDL_CLK_ENET>,
+ <&rmii_clk>,
+ <&clks IMX6QDL_CLK_ENET_REF>;
+ clock-names = "ipg", "ahb", "ptp", "enet_out";
status = "okay";
mdio {
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 267/452] soc: qcom: llcc: Add MODULE_DEVICE_TABLE()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (265 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 266/452] ARM: dts: ci4x10: Adapt to changes in imx6qdl.dtsi regarding fec clocks Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 268/452] KVM: nVMX: Leave most VM-Exit info fields unmodified on failed VM-Entry Greg Kroah-Hartman
` (190 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bjorn Andersson, Sai Prakash Ranjan,
Dmitry Baryshkov, Sasha Levin
From: Bjorn Andersson <bjorn.andersson@linaro.org>
[ Upstream commit 5334a3b12a7233b31788de60d61bfd890059d783 ]
The llcc-qcom driver can be compiled as a module, but lacks
MODULE_DEVICE_TABLE() and will therefore not be loaded automatically.
Fix this.
Fixes: a3134fb09e0b ("drivers: soc: Add LLCC driver")
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Reviewed-by: Sai Prakash Ranjan <quic_saipraka@quicinc.com>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Link: https://lore.kernel.org/r/20220408213336.581661-3-bjorn.andersson@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/soc/qcom/llcc-qcom.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/soc/qcom/llcc-qcom.c b/drivers/soc/qcom/llcc-qcom.c
index 70fbe70c6213..2e06f48d683d 100644
--- a/drivers/soc/qcom/llcc-qcom.c
+++ b/drivers/soc/qcom/llcc-qcom.c
@@ -496,6 +496,7 @@ static const struct of_device_id qcom_llcc_of_match[] = {
{ .compatible = "qcom,sdm845-llcc", .data = &sdm845_cfg },
{ }
};
+MODULE_DEVICE_TABLE(of, qcom_llcc_of_match);
static struct platform_driver qcom_llcc_driver = {
.driver = {
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 268/452] KVM: nVMX: Leave most VM-Exit info fields unmodified on failed VM-Entry
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (266 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 267/452] soc: qcom: llcc: Add MODULE_DEVICE_TABLE() Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 269/452] KVM: nVMX: Clear IDT vectoring on nested VM-Exit for double/triple fault Greg Kroah-Hartman
` (189 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sean Christopherson, Paolo Bonzini,
Sasha Levin
From: Sean Christopherson <seanjc@google.com>
[ Upstream commit c3634d25fbee88e2368a8e0903ae0d0670eb9e71 ]
Don't modify vmcs12 exit fields except EXIT_REASON and EXIT_QUALIFICATION
when performing a nested VM-Exit due to failed VM-Entry. Per the SDM,
only the two aformentioned fields are filled and "All other VM-exit
information fields are unmodified".
Fixes: 4704d0befb07 ("KVM: nVMX: Exiting from L2 to L1")
Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20220407002315.78092-3-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kvm/vmx/nested.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
index 0c2389d0fdaf..fe53cab1a8a6 100644
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -4143,12 +4143,12 @@ static void prepare_vmcs12(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12,
/* update exit information fields: */
vmcs12->vm_exit_reason = vm_exit_reason;
vmcs12->exit_qualification = exit_qualification;
- vmcs12->vm_exit_intr_info = exit_intr_info;
-
- vmcs12->idt_vectoring_info_field = 0;
- vmcs12->vm_exit_instruction_len = vmcs_read32(VM_EXIT_INSTRUCTION_LEN);
- vmcs12->vmx_instruction_info = vmcs_read32(VMX_INSTRUCTION_INFO);
+ /*
+ * On VM-Exit due to a failed VM-Entry, the VMCS isn't marked launched
+ * and only EXIT_REASON and EXIT_QUALIFICATION are updated, all other
+ * exit info fields are unmodified.
+ */
if (!(vmcs12->vm_exit_reason & VMX_EXIT_REASONS_FAILED_VMENTRY)) {
vmcs12->launch_state = 1;
@@ -4160,8 +4160,13 @@ static void prepare_vmcs12(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12,
* Transfer the event that L0 or L1 may wanted to inject into
* L2 to IDT_VECTORING_INFO_FIELD.
*/
+ vmcs12->idt_vectoring_info_field = 0;
vmcs12_save_pending_event(vcpu, vmcs12);
+ vmcs12->vm_exit_intr_info = exit_intr_info;
+ vmcs12->vm_exit_instruction_len = vmcs_read32(VM_EXIT_INSTRUCTION_LEN);
+ vmcs12->vmx_instruction_info = vmcs_read32(VMX_INSTRUCTION_INFO);
+
/*
* According to spec, there's no need to store the guest's
* MSRs if the exit is due to a VM-entry failure that occurs
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 269/452] KVM: nVMX: Clear IDT vectoring on nested VM-Exit for double/triple fault
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (267 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 268/452] KVM: nVMX: Leave most VM-Exit info fields unmodified on failed VM-Entry Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 270/452] platform/chrome: cros_ec: fix error handling in cros_ec_register() Greg Kroah-Hartman
` (188 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chenyi Qiang, Sean Christopherson,
Paolo Bonzini, Sasha Levin
From: Sean Christopherson <seanjc@google.com>
[ Upstream commit 9bd1f0efa859b61950d109b32ff8d529cc33a3ad ]
Clear the IDT vectoring field in vmcs12 on next VM-Exit due to a double
or triple fault. Per the SDM, a VM-Exit isn't considered to occur during
event delivery if the exit is due to an intercepted double fault or a
triple fault. Opportunistically move the default clearing (no event
"pending") into the helper so that it's more obvious that KVM does indeed
handle this case.
Note, the double fault case is worded rather wierdly in the SDM:
The original event results in a double-fault exception that causes the
VM exit directly.
Temporarily ignoring injected events, double faults can _only_ occur if
an exception occurs while attempting to deliver a different exception,
i.e. there's _always_ an original event. And for injected double fault,
while there's no original event, injected events are never subject to
interception.
Presumably the SDM is calling out that a the vectoring info will be valid
if a different exit occurs after a double fault, e.g. if a #PF occurs and
is intercepted while vectoring #DF, then the vectoring info will show the
double fault. In other words, the clause can simply be read as:
The VM exit is caused by a double-fault exception.
Fixes: 4704d0befb07 ("KVM: nVMX: Exiting from L2 to L1")
Cc: Chenyi Qiang <chenyi.qiang@intel.com>
Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20220407002315.78092-4-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kvm/vmx/nested.c | 32 ++++++++++++++++++++++++++++----
arch/x86/kvm/vmx/vmcs.h | 5 +++++
2 files changed, 33 insertions(+), 4 deletions(-)
diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
index fe53cab1a8a6..90881d7b42ea 100644
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -3668,12 +3668,34 @@ vmcs12_guest_cr4(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12)
}
static void vmcs12_save_pending_event(struct kvm_vcpu *vcpu,
- struct vmcs12 *vmcs12)
+ struct vmcs12 *vmcs12,
+ u32 vm_exit_reason, u32 exit_intr_info)
{
u32 idt_vectoring;
unsigned int nr;
- if (vcpu->arch.exception.injected) {
+ /*
+ * Per the SDM, VM-Exits due to double and triple faults are never
+ * considered to occur during event delivery, even if the double/triple
+ * fault is the result of an escalating vectoring issue.
+ *
+ * Note, the SDM qualifies the double fault behavior with "The original
+ * event results in a double-fault exception". It's unclear why the
+ * qualification exists since exits due to double fault can occur only
+ * while vectoring a different exception (injected events are never
+ * subject to interception), i.e. there's _always_ an original event.
+ *
+ * The SDM also uses NMI as a confusing example for the "original event
+ * causes the VM exit directly" clause. NMI isn't special in any way,
+ * the same rule applies to all events that cause an exit directly.
+ * NMI is an odd choice for the example because NMIs can only occur on
+ * instruction boundaries, i.e. they _can't_ occur during vectoring.
+ */
+ if ((u16)vm_exit_reason == EXIT_REASON_TRIPLE_FAULT ||
+ ((u16)vm_exit_reason == EXIT_REASON_EXCEPTION_NMI &&
+ is_double_fault(exit_intr_info))) {
+ vmcs12->idt_vectoring_info_field = 0;
+ } else if (vcpu->arch.exception.injected) {
nr = vcpu->arch.exception.nr;
idt_vectoring = nr | VECTORING_INFO_VALID_MASK;
@@ -3706,6 +3728,8 @@ static void vmcs12_save_pending_event(struct kvm_vcpu *vcpu,
idt_vectoring |= INTR_TYPE_EXT_INTR;
vmcs12->idt_vectoring_info_field = idt_vectoring;
+ } else {
+ vmcs12->idt_vectoring_info_field = 0;
}
}
@@ -4160,8 +4184,8 @@ static void prepare_vmcs12(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12,
* Transfer the event that L0 or L1 may wanted to inject into
* L2 to IDT_VECTORING_INFO_FIELD.
*/
- vmcs12->idt_vectoring_info_field = 0;
- vmcs12_save_pending_event(vcpu, vmcs12);
+ vmcs12_save_pending_event(vcpu, vmcs12,
+ vm_exit_reason, exit_intr_info);
vmcs12->vm_exit_intr_info = exit_intr_info;
vmcs12->vm_exit_instruction_len = vmcs_read32(VM_EXIT_INSTRUCTION_LEN);
diff --git a/arch/x86/kvm/vmx/vmcs.h b/arch/x86/kvm/vmx/vmcs.h
index 571d9ad80a59..69c147df957f 100644
--- a/arch/x86/kvm/vmx/vmcs.h
+++ b/arch/x86/kvm/vmx/vmcs.h
@@ -102,6 +102,11 @@ static inline bool is_breakpoint(u32 intr_info)
return is_exception_n(intr_info, BP_VECTOR);
}
+static inline bool is_double_fault(u32 intr_info)
+{
+ return is_exception_n(intr_info, DF_VECTOR);
+}
+
static inline bool is_page_fault(u32 intr_info)
{
return is_exception_n(intr_info, PF_VECTOR);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 270/452] platform/chrome: cros_ec: fix error handling in cros_ec_register()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (268 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 269/452] KVM: nVMX: Clear IDT vectoring on nested VM-Exit for double/triple fault Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 271/452] ARM: dts: imx6dl-colibri: Fix I2C pinmuxing Greg Kroah-Hartman
` (187 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Prashant Malani, Tzung-Bi Shih, Sasha Levin
From: Tzung-Bi Shih <tzungbi@kernel.org>
[ Upstream commit 2cd01bd6b117df07b1bc2852f08694fdd29e40ed ]
Fix cros_ec_register() to unregister platform devices if
blocking_notifier_chain_register() fails.
Also use the single exit path to handle the platform device
unregistration.
Fixes: 42cd0ab476e2 ("platform/chrome: cros_ec: Query EC protocol version if EC transitions between RO/RW")
Reviewed-by: Prashant Malani <pmalani@chromium.org>
Signed-off-by: Tzung-Bi Shih <tzungbi@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/chrome/cros_ec.c | 16 ++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/drivers/platform/chrome/cros_ec.c b/drivers/platform/chrome/cros_ec.c
index 3104680b7485..979f92194e81 100644
--- a/drivers/platform/chrome/cros_ec.c
+++ b/drivers/platform/chrome/cros_ec.c
@@ -175,6 +175,8 @@ int cros_ec_register(struct cros_ec_device *ec_dev)
ec_dev->max_request = sizeof(struct ec_params_hello);
ec_dev->max_response = sizeof(struct ec_response_get_protocol_info);
ec_dev->max_passthru = 0;
+ ec_dev->ec = NULL;
+ ec_dev->pd = NULL;
ec_dev->din = devm_kzalloc(dev, ec_dev->din_size, GFP_KERNEL);
if (!ec_dev->din)
@@ -231,18 +233,16 @@ int cros_ec_register(struct cros_ec_device *ec_dev)
if (IS_ERR(ec_dev->pd)) {
dev_err(ec_dev->dev,
"Failed to create CrOS PD platform device\n");
- platform_device_unregister(ec_dev->ec);
- return PTR_ERR(ec_dev->pd);
+ err = PTR_ERR(ec_dev->pd);
+ goto exit;
}
}
if (IS_ENABLED(CONFIG_OF) && dev->of_node) {
err = devm_of_platform_populate(dev);
if (err) {
- platform_device_unregister(ec_dev->pd);
- platform_device_unregister(ec_dev->ec);
dev_err(dev, "Failed to register sub-devices\n");
- return err;
+ goto exit;
}
}
@@ -264,12 +264,16 @@ int cros_ec_register(struct cros_ec_device *ec_dev)
err = blocking_notifier_chain_register(&ec_dev->event_notifier,
&ec_dev->notifier_ready);
if (err)
- return err;
+ goto exit;
}
dev_info(dev, "Chrome EC device registered\n");
return 0;
+exit:
+ platform_device_unregister(ec_dev->ec);
+ platform_device_unregister(ec_dev->pd);
+ return err;
}
EXPORT_SYMBOL(cros_ec_register);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 271/452] ARM: dts: imx6dl-colibri: Fix I2C pinmuxing
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (269 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 270/452] platform/chrome: cros_ec: fix error handling in cros_ec_register() Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 272/452] platform/chrome: Re-introduce cros_ec_cmd_xfer and use it for ioctls Greg Kroah-Hartman
` (186 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Max Krummenacher, Shawn Guo, Sasha Levin
From: Max Krummenacher <max.krummenacher@toradex.com>
[ Upstream commit 5f5c579a34a87117c20b411df583ae816c1ec84f ]
Fix names of extra pingroup node and property for gpio bus recovery.
Without the change i2c2 is not functional.
Fixes: 56f0df6b6b58 ("ARM: dts: imx*(colibri|apalis): add missing recovery modes to i2c")
Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/imx6qdl-colibri.dtsi | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/arm/boot/dts/imx6qdl-colibri.dtsi b/arch/arm/boot/dts/imx6qdl-colibri.dtsi
index 4e2a309c93fa..1e86b3814708 100644
--- a/arch/arm/boot/dts/imx6qdl-colibri.dtsi
+++ b/arch/arm/boot/dts/imx6qdl-colibri.dtsi
@@ -1,6 +1,6 @@
// SPDX-License-Identifier: GPL-2.0+ OR MIT
/*
- * Copyright 2014-2020 Toradex
+ * Copyright 2014-2022 Toradex
* Copyright 2012 Freescale Semiconductor, Inc.
* Copyright 2011 Linaro Ltd.
*/
@@ -132,7 +132,7 @@
clock-frequency = <100000>;
pinctrl-names = "default", "gpio";
pinctrl-0 = <&pinctrl_i2c2>;
- pinctrl-0 = <&pinctrl_i2c2_gpio>;
+ pinctrl-1 = <&pinctrl_i2c2_gpio>;
scl-gpios = <&gpio2 30 (GPIO_ACTIVE_HIGH | GPIO_OPEN_DRAIN)>;
sda-gpios = <&gpio3 16 (GPIO_ACTIVE_HIGH | GPIO_OPEN_DRAIN)>;
status = "okay";
@@ -488,7 +488,7 @@
>;
};
- pinctrl_i2c2_gpio: i2c2grp {
+ pinctrl_i2c2_gpio: i2c2gpiogrp {
fsl,pins = <
MX6QDL_PAD_EIM_EB2__GPIO2_IO30 0x4001b8b1
MX6QDL_PAD_EIM_D16__GPIO3_IO16 0x4001b8b1
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 272/452] platform/chrome: Re-introduce cros_ec_cmd_xfer and use it for ioctls
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (270 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 271/452] ARM: dts: imx6dl-colibri: Fix I2C pinmuxing Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 273/452] can: xilinx_can: mark bit timing constants as const Greg Kroah-Hartman
` (185 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Daisuke Nojiri, Rob Barnes,
Rajat Jain, Brian Norris, Parth Malkan, Guenter Roeck,
Tzung-Bi Shih, Sasha Levin
From: Guenter Roeck <linux@roeck-us.net>
[ Upstream commit 57b888ca2541785de2fcb90575b378921919b6c0 ]
Commit 413dda8f2c6f ("platform/chrome: cros_ec_chardev: Use
cros_ec_cmd_xfer_status helper") inadvertendly changed the userspace ABI.
Previously, cros_ec ioctls would only report errors if the EC communication
failed, and otherwise return success and the result of the EC
communication. An EC command execution failure was reported in the EC
response field. The above mentioned commit changed this behavior, and the
ioctl itself would fail. This breaks userspace commands trying to analyze
the EC command execution error since the actual EC command response is no
longer reported to userspace.
Fix the problem by re-introducing the cros_ec_cmd_xfer() helper, and use it
to handle ioctl messages.
Fixes: 413dda8f2c6f ("platform/chrome: cros_ec_chardev: Use cros_ec_cmd_xfer_status helper")
Cc: Daisuke Nojiri <dnojiri@chromium.org>
Cc: Rob Barnes <robbarnes@google.com>
Cc: Rajat Jain <rajatja@google.com>
Cc: Brian Norris <briannorris@chromium.org>
Cc: Parth Malkan <parthmalkan@google.com>
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-by: Brian Norris <briannorris@chromium.org>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Tzung-Bi Shih <tzungbi@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/chrome/cros_ec_chardev.c | 2 +-
drivers/platform/chrome/cros_ec_proto.c | 50 +++++++++++++++++----
include/linux/platform_data/cros_ec_proto.h | 3 ++
3 files changed, 45 insertions(+), 10 deletions(-)
diff --git a/drivers/platform/chrome/cros_ec_chardev.c b/drivers/platform/chrome/cros_ec_chardev.c
index e0bce869c49a..fd33de546aee 100644
--- a/drivers/platform/chrome/cros_ec_chardev.c
+++ b/drivers/platform/chrome/cros_ec_chardev.c
@@ -301,7 +301,7 @@ static long cros_ec_chardev_ioctl_xcmd(struct cros_ec_dev *ec, void __user *arg)
}
s_cmd->command += ec->cmd_offset;
- ret = cros_ec_cmd_xfer_status(ec->ec_dev, s_cmd);
+ ret = cros_ec_cmd_xfer(ec->ec_dev, s_cmd);
/* Only copy data to userland if data was received. */
if (ret < 0)
goto exit;
diff --git a/drivers/platform/chrome/cros_ec_proto.c b/drivers/platform/chrome/cros_ec_proto.c
index 9f698a7aad12..e1fadf059e05 100644
--- a/drivers/platform/chrome/cros_ec_proto.c
+++ b/drivers/platform/chrome/cros_ec_proto.c
@@ -560,22 +560,28 @@ int cros_ec_query_all(struct cros_ec_device *ec_dev)
EXPORT_SYMBOL(cros_ec_query_all);
/**
- * cros_ec_cmd_xfer_status() - Send a command to the ChromeOS EC.
+ * cros_ec_cmd_xfer() - Send a command to the ChromeOS EC.
* @ec_dev: EC device.
* @msg: Message to write.
*
- * Call this to send a command to the ChromeOS EC. This should be used instead of calling the EC's
- * cmd_xfer() callback directly. It returns success status only if both the command was transmitted
- * successfully and the EC replied with success status.
+ * Call this to send a command to the ChromeOS EC. This should be used instead
+ * of calling the EC's cmd_xfer() callback directly. This function does not
+ * convert EC command execution error codes to Linux error codes. Most
+ * in-kernel users will want to use cros_ec_cmd_xfer_status() instead since
+ * that function implements the conversion.
*
* Return:
- * >=0 - The number of bytes transferred
- * <0 - Linux error code
+ * >0 - EC command was executed successfully. The return value is the number
+ * of bytes returned by the EC (excluding the header).
+ * =0 - EC communication was successful. EC command execution results are
+ * reported in msg->result. The result will be EC_RES_SUCCESS if the
+ * command was executed successfully or report an EC command execution
+ * error.
+ * <0 - EC communication error. Return value is the Linux error code.
*/
-int cros_ec_cmd_xfer_status(struct cros_ec_device *ec_dev,
- struct cros_ec_command *msg)
+int cros_ec_cmd_xfer(struct cros_ec_device *ec_dev, struct cros_ec_command *msg)
{
- int ret, mapped;
+ int ret;
mutex_lock(&ec_dev->lock);
if (ec_dev->proto_version == EC_PROTO_VERSION_UNKNOWN) {
@@ -616,6 +622,32 @@ int cros_ec_cmd_xfer_status(struct cros_ec_device *ec_dev,
ret = send_command(ec_dev, msg);
mutex_unlock(&ec_dev->lock);
+ return ret;
+}
+EXPORT_SYMBOL(cros_ec_cmd_xfer);
+
+/**
+ * cros_ec_cmd_xfer_status() - Send a command to the ChromeOS EC.
+ * @ec_dev: EC device.
+ * @msg: Message to write.
+ *
+ * Call this to send a command to the ChromeOS EC. This should be used instead of calling the EC's
+ * cmd_xfer() callback directly. It returns success status only if both the command was transmitted
+ * successfully and the EC replied with success status.
+ *
+ * Return:
+ * >=0 - The number of bytes transferred.
+ * <0 - Linux error code
+ */
+int cros_ec_cmd_xfer_status(struct cros_ec_device *ec_dev,
+ struct cros_ec_command *msg)
+{
+ int ret, mapped;
+
+ ret = cros_ec_cmd_xfer(ec_dev, msg);
+ if (ret < 0)
+ return ret;
+
mapped = cros_ec_map_error(msg->result);
if (mapped) {
dev_dbg(ec_dev->dev, "Command result (err: %d [%d])\n",
diff --git a/include/linux/platform_data/cros_ec_proto.h b/include/linux/platform_data/cros_ec_proto.h
index 02599687770c..7f03e02c48cd 100644
--- a/include/linux/platform_data/cros_ec_proto.h
+++ b/include/linux/platform_data/cros_ec_proto.h
@@ -216,6 +216,9 @@ int cros_ec_prepare_tx(struct cros_ec_device *ec_dev,
int cros_ec_check_result(struct cros_ec_device *ec_dev,
struct cros_ec_command *msg);
+int cros_ec_cmd_xfer(struct cros_ec_device *ec_dev,
+ struct cros_ec_command *msg);
+
int cros_ec_cmd_xfer_status(struct cros_ec_device *ec_dev,
struct cros_ec_command *msg);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 273/452] can: xilinx_can: mark bit timing constants as const
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (271 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 272/452] platform/chrome: Re-introduce cros_ec_cmd_xfer and use it for ioctls Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 274/452] ARM: dts: stm32: Fix PHY post-reset delay on Avenger96 Greg Kroah-Hartman
` (184 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Appana Durga Kedareswara rao,
Naga Sureshkumar Relli, Marc Kleine-Budde, Sasha Levin
From: Marc Kleine-Budde <mkl@pengutronix.de>
[ Upstream commit ae38fda02996d43d9fb09f16e81e0008704dd524 ]
This patch marks the bit timing constants as const.
Fixes: c223da689324 ("can: xilinx_can: Add support for CANFD FD frames")
Link: https://lore.kernel.org/all/20220317203119.792552-1-mkl@pengutronix.de
Cc: Appana Durga Kedareswara rao <appana.durga.rao@xilinx.com>
Cc: Naga Sureshkumar Relli <naga.sureshkumar.relli@xilinx.com>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/can/xilinx_can.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/can/xilinx_can.c b/drivers/net/can/xilinx_can.c
index 375998263af7..1c42417810fc 100644
--- a/drivers/net/can/xilinx_can.c
+++ b/drivers/net/can/xilinx_can.c
@@ -239,7 +239,7 @@ static const struct can_bittiming_const xcan_bittiming_const_canfd = {
};
/* AXI CANFD Data Bittiming constants as per AXI CANFD 1.0 specs */
-static struct can_bittiming_const xcan_data_bittiming_const_canfd = {
+static const struct can_bittiming_const xcan_data_bittiming_const_canfd = {
.name = DRIVER_NAME,
.tseg1_min = 1,
.tseg1_max = 16,
@@ -265,7 +265,7 @@ static const struct can_bittiming_const xcan_bittiming_const_canfd2 = {
};
/* AXI CANFD 2.0 Data Bittiming constants as per AXI CANFD 2.0 spec */
-static struct can_bittiming_const xcan_data_bittiming_const_canfd2 = {
+static const struct can_bittiming_const xcan_data_bittiming_const_canfd2 = {
.name = DRIVER_NAME,
.tseg1_min = 1,
.tseg1_max = 32,
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 274/452] ARM: dts: stm32: Fix PHY post-reset delay on Avenger96
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (272 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 273/452] can: xilinx_can: mark bit timing constants as const Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 275/452] ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT Greg Kroah-Hartman
` (183 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel, linux-arm-kernel
Cc: Greg Kroah-Hartman, stable, Marek Vasut, Alexandre Torgue,
Patrice Chotard, Patrick Delaunay, linux-stm32, Sasha Levin
From: Marek Vasut <marex@denx.de>
[ Upstream commit ef2d90708883f4025a801feb0ba8411a7a4387e1 ]
Per KSZ9031RNX PHY datasheet FIGURE 7-5: POWER-UP/POWER-DOWN/RESET TIMING
Note 2: After the de-assertion of reset, wait a minimum of 100 μs before
starting programming on the MIIM (MDC/MDIO) interface.
Add 1ms post-reset delay to guarantee this figure.
Fixes: 010ca9fe500bf ("ARM: dts: stm32: Add missing ethernet PHY reset on AV96")
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Alexandre Torgue <alexandre.torgue@foss.st.com>
Cc: Patrice Chotard <patrice.chotard@foss.st.com>
Cc: Patrick Delaunay <patrick.delaunay@foss.st.com>
Cc: linux-stm32@st-md-mailman.stormreply.com
To: linux-arm-kernel@lists.infradead.org
Signed-off-by: Alexandre Torgue <alexandre.torgue@foss.st.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/stm32mp15xx-dhcor-avenger96.dtsi | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/arm/boot/dts/stm32mp15xx-dhcor-avenger96.dtsi b/arch/arm/boot/dts/stm32mp15xx-dhcor-avenger96.dtsi
index 944d38b85eef..f3e0c790a4b1 100644
--- a/arch/arm/boot/dts/stm32mp15xx-dhcor-avenger96.dtsi
+++ b/arch/arm/boot/dts/stm32mp15xx-dhcor-avenger96.dtsi
@@ -141,6 +141,7 @@
compatible = "snps,dwmac-mdio";
reset-gpios = <&gpioz 2 GPIO_ACTIVE_LOW>;
reset-delay-us = <1000>;
+ reset-post-delay-us = <1000>;
phy0: ethernet-phy@7 {
reg = <7>;
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 275/452] ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (273 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 274/452] ARM: dts: stm32: Fix PHY post-reset delay on Avenger96 Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 276/452] ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C Greg Kroah-Hartman
` (182 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Phil Elwell, Stefan Wahren,
Florian Fainelli, Sasha Levin
From: Phil Elwell <phil@raspberrypi.com>
[ Upstream commit 2c663e5e5bbf2a5b85e0f76ccb69663f583c3e33 ]
The GPIOs 30 to 39 are connected to the Cypress CYW43438 (Wifi/BT).
So fix the GPIO line names accordingly.
Fixes: 2c7c040c73e9 ("ARM: dts: bcm2835: Add Raspberry Pi Zero W")
Signed-off-by: Phil Elwell <phil@raspberrypi.com>
Signed-off-by: Stefan Wahren <stefan.wahren@i2se.com>
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/bcm2835-rpi-zero-w.dts | 22 ++++++++++++----------
1 file changed, 12 insertions(+), 10 deletions(-)
diff --git a/arch/arm/boot/dts/bcm2835-rpi-zero-w.dts b/arch/arm/boot/dts/bcm2835-rpi-zero-w.dts
index 33b2b77aa47d..00582eb2c12e 100644
--- a/arch/arm/boot/dts/bcm2835-rpi-zero-w.dts
+++ b/arch/arm/boot/dts/bcm2835-rpi-zero-w.dts
@@ -74,16 +74,18 @@
"GPIO27",
"SDA0",
"SCL0",
- "NC", /* GPIO30 */
- "NC", /* GPIO31 */
- "NC", /* GPIO32 */
- "NC", /* GPIO33 */
- "NC", /* GPIO34 */
- "NC", /* GPIO35 */
- "NC", /* GPIO36 */
- "NC", /* GPIO37 */
- "NC", /* GPIO38 */
- "NC", /* GPIO39 */
+ /* Used by BT module */
+ "CTS0",
+ "RTS0",
+ "TXD0",
+ "RXD0",
+ /* Used by Wifi */
+ "SD1_CLK",
+ "SD1_CMD",
+ "SD1_DATA0",
+ "SD1_DATA1",
+ "SD1_DATA2",
+ "SD1_DATA3",
"CAM_GPIO1", /* GPIO40 */
"WL_ON", /* GPIO41 */
"NC", /* GPIO42 */
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 276/452] ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (274 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 275/452] ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 277/452] ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED Greg Kroah-Hartman
` (181 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Phil Elwell, Stefan Wahren,
Florian Fainelli, Sasha Levin
From: Phil Elwell <phil@raspberrypi.com>
[ Upstream commit 9fd26fd02749ec964eb0d588a3bab9e09bf77927 ]
The GPIOs 46 & 47 are already used for a I2C interface to a SMPS.
So fix the GPIO line names accordingly.
Fixes: a54fe8a6cf66 ("ARM: dts: add Raspberry Pi Compute Module 3 and IO board")
Signed-off-by: Phil Elwell <phil@raspberrypi.com>
Signed-off-by: Stefan Wahren <stefan.wahren@i2se.com>
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/bcm2837-rpi-cm3-io3.dts | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm/boot/dts/bcm2837-rpi-cm3-io3.dts b/arch/arm/boot/dts/bcm2837-rpi-cm3-io3.dts
index 588d9411ceb6..3dfce4312dfc 100644
--- a/arch/arm/boot/dts/bcm2837-rpi-cm3-io3.dts
+++ b/arch/arm/boot/dts/bcm2837-rpi-cm3-io3.dts
@@ -63,8 +63,8 @@
"GPIO43",
"GPIO44",
"GPIO45",
- "GPIO46",
- "GPIO47",
+ "SMPS_SCL",
+ "SMPS_SDA",
/* Used by eMMC */
"SD_CLK_R",
"SD_CMD_R",
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 277/452] ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (275 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 276/452] ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 278/452] ARM: dts: bcm2835-rpi-b: Fix GPIO line names Greg Kroah-Hartman
` (180 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Phil Elwell, Stefan Wahren,
Florian Fainelli, Sasha Levin
From: Phil Elwell <phil@raspberrypi.com>
[ Upstream commit 57f718aa4b93392fb1a8c0a874ab882b9e18136a ]
The red LED on the Raspberry Pi 3 B Plus is the power LED.
So fix the GPIO line name accordingly.
Fixes: 71c0cd2283f2 ("ARM: dts: bcm2837: Add Raspberry Pi 3 B+")
Signed-off-by: Phil Elwell <phil@raspberrypi.com>
Signed-off-by: Stefan Wahren <stefan.wahren@i2se.com>
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/bcm2837-rpi-3-b-plus.dts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/boot/dts/bcm2837-rpi-3-b-plus.dts b/arch/arm/boot/dts/bcm2837-rpi-3-b-plus.dts
index 61010266ca9a..90472e76a313 100644
--- a/arch/arm/boot/dts/bcm2837-rpi-3-b-plus.dts
+++ b/arch/arm/boot/dts/bcm2837-rpi-3-b-plus.dts
@@ -45,7 +45,7 @@
#gpio-cells = <2>;
gpio-line-names = "BT_ON",
"WL_ON",
- "STATUS_LED_R",
+ "PWR_LED_R",
"LAN_RUN",
"",
"CAM_GPIO0",
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 278/452] ARM: dts: bcm2835-rpi-b: Fix GPIO line names
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (276 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 277/452] ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 279/452] misc: ocxl: fix possible double free in ocxl_file_register_afu Greg Kroah-Hartman
` (179 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Phil Elwell, Stefan Wahren,
Florian Fainelli, Sasha Levin
From: Stefan Wahren <stefan.wahren@i2se.com>
[ Upstream commit 97bd8659c1c46c23e4daea7e040befca30939950 ]
Recently this has been fixed in the vendor tree, so upstream this.
Fixes: 731b26a6ac17 ("ARM: bcm2835: Add names for the Raspberry Pi GPIO lines")
Signed-off-by: Phil Elwell <phil@raspberrypi.com>
Signed-off-by: Stefan Wahren <stefan.wahren@i2se.com>
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/bcm2835-rpi-b.dts | 13 ++++++-------
1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/arch/arm/boot/dts/bcm2835-rpi-b.dts b/arch/arm/boot/dts/bcm2835-rpi-b.dts
index 1b63d6b19750..25d87212cefd 100644
--- a/arch/arm/boot/dts/bcm2835-rpi-b.dts
+++ b/arch/arm/boot/dts/bcm2835-rpi-b.dts
@@ -53,18 +53,17 @@
"GPIO18",
"NC", /* GPIO19 */
"NC", /* GPIO20 */
- "GPIO21",
+ "CAM_GPIO0",
"GPIO22",
"GPIO23",
"GPIO24",
"GPIO25",
"NC", /* GPIO26 */
- "CAM_GPIO0",
- /* Binary number representing build/revision */
- "CONFIG0",
- "CONFIG1",
- "CONFIG2",
- "CONFIG3",
+ "GPIO27",
+ "GPIO28",
+ "GPIO29",
+ "GPIO30",
+ "GPIO31",
"NC", /* GPIO32 */
"NC", /* GPIO33 */
"NC", /* GPIO34 */
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 279/452] misc: ocxl: fix possible double free in ocxl_file_register_afu
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (277 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 278/452] ARM: dts: bcm2835-rpi-b: Fix GPIO line names Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 280/452] crypto: marvell/cesa - ECB does not IV Greg Kroah-Hartman
` (178 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hangyu Hua, Frederic Barrat,
Michael Ellerman, Sasha Levin
From: Hangyu Hua <hbh25y@gmail.com>
[ Upstream commit 950cf957fe34d40d63dfa3bf3968210430b6491e ]
info_release() will be called in device_unregister() when info->dev's
reference count is 0. So there is no need to call ocxl_afu_put() and
kfree() again.
Fix this by adding free_minor() and return to err_unregister error path.
Fixes: 75ca758adbaf ("ocxl: Create a clear delineation between ocxl backend & frontend")
Signed-off-by: Hangyu Hua <hbh25y@gmail.com>
Acked-by: Frederic Barrat <fbarrat@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220418085758.38145-1-hbh25y@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/misc/ocxl/file.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/misc/ocxl/file.c b/drivers/misc/ocxl/file.c
index 4d1b44de1492..c742ab02ae18 100644
--- a/drivers/misc/ocxl/file.c
+++ b/drivers/misc/ocxl/file.c
@@ -558,7 +558,9 @@ int ocxl_file_register_afu(struct ocxl_afu *afu)
err_unregister:
ocxl_sysfs_unregister_afu(info); // safe to call even if register failed
+ free_minor(info);
device_unregister(&info->dev);
+ return rc;
err_put:
ocxl_afu_put(afu);
free_minor(info);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 280/452] crypto: marvell/cesa - ECB does not IV
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (278 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 279/452] misc: ocxl: fix possible double free in ocxl_file_register_afu Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 281/452] gpiolib: of: Introduce hook for missing gpio-ranges Greg Kroah-Hartman
` (177 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Corentin Labbe, Herbert Xu, Sasha Levin
From: Corentin Labbe <clabbe@baylibre.com>
[ Upstream commit 4ffa1763622ae5752961499588f3f8874315f974 ]
The DES3 ECB has an IV size set but ECB does not need one.
Fixes: 4ada483978237 ("crypto: marvell/cesa - add Triple-DES support")
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/marvell/cesa/cipher.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/crypto/marvell/cesa/cipher.c b/drivers/crypto/marvell/cesa/cipher.c
index b4a6ff9dd6d5..596a8c74e40a 100644
--- a/drivers/crypto/marvell/cesa/cipher.c
+++ b/drivers/crypto/marvell/cesa/cipher.c
@@ -614,7 +614,6 @@ struct skcipher_alg mv_cesa_ecb_des3_ede_alg = {
.decrypt = mv_cesa_ecb_des3_ede_decrypt,
.min_keysize = DES3_EDE_KEY_SIZE,
.max_keysize = DES3_EDE_KEY_SIZE,
- .ivsize = DES3_EDE_BLOCK_SIZE,
.base = {
.cra_name = "ecb(des3_ede)",
.cra_driver_name = "mv-ecb-des3-ede",
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 281/452] gpiolib: of: Introduce hook for missing gpio-ranges
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (279 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 280/452] crypto: marvell/cesa - ECB does not IV Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 282/452] pinctrl: bcm2835: implement " Greg Kroah-Hartman
` (176 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stefan Wahren, Florian Fainelli,
Bartosz Golaszewski, Linus Walleij, Sasha Levin
From: Stefan Wahren <stefan.wahren@i2se.com>
[ Upstream commit 3550bba25d5587a701e6edf20e20984d2ee72c78 ]
Since commit 2ab73c6d8323 ("gpio: Support GPIO controllers without pin-ranges")
the device tree nodes of GPIO controller need the gpio-ranges property to
handle gpio-hogs. Unfortunately it's impossible to guarantee that every new
kernel is shipped with an updated device tree binary.
In order to provide backward compatibility with those older DTB, we need a
callback within of_gpiochip_add_pin_range() so the relevant platform driver
can handle this case.
Fixes: 2ab73c6d8323 ("gpio: Support GPIO controllers without pin-ranges")
Signed-off-by: Stefan Wahren <stefan.wahren@i2se.com>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Tested-by: Florian Fainelli <f.fainelli@gmail.com>
Acked-by: Bartosz Golaszewski <brgl@bgdev.pl>
Link: https://lore.kernel.org/r/20220409095129.45786-2-stefan.wahren@i2se.com
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpio/gpiolib-of.c | 5 +++++
include/linux/gpio/driver.h | 12 ++++++++++++
2 files changed, 17 insertions(+)
diff --git a/drivers/gpio/gpiolib-of.c b/drivers/gpio/gpiolib-of.c
index 921a99578ff0..01424af654db 100644
--- a/drivers/gpio/gpiolib-of.c
+++ b/drivers/gpio/gpiolib-of.c
@@ -933,6 +933,11 @@ static int of_gpiochip_add_pin_range(struct gpio_chip *chip)
if (!np)
return 0;
+ if (!of_property_read_bool(np, "gpio-ranges") &&
+ chip->of_gpio_ranges_fallback) {
+ return chip->of_gpio_ranges_fallback(chip, np);
+ }
+
group_names = of_find_property(np, group_names_propname, NULL);
for (;; index++) {
diff --git a/include/linux/gpio/driver.h b/include/linux/gpio/driver.h
index b216899b4745..0552a9859a01 100644
--- a/include/linux/gpio/driver.h
+++ b/include/linux/gpio/driver.h
@@ -477,6 +477,18 @@ struct gpio_chip {
*/
int (*of_xlate)(struct gpio_chip *gc,
const struct of_phandle_args *gpiospec, u32 *flags);
+
+ /**
+ * @of_gpio_ranges_fallback:
+ *
+ * Optional hook for the case that no gpio-ranges property is defined
+ * within the device tree node "np" (usually DT before introduction
+ * of gpio-ranges). So this callback is helpful to provide the
+ * necessary backward compatibility for the pin ranges.
+ */
+ int (*of_gpio_ranges_fallback)(struct gpio_chip *gc,
+ struct device_node *np);
+
#endif /* CONFIG_OF_GPIO */
};
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 282/452] pinctrl: bcm2835: implement hook for missing gpio-ranges
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (280 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 281/452] gpiolib: of: Introduce hook for missing gpio-ranges Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 283/452] arm: mediatek: select arch timer for mt7629 Greg Kroah-Hartman
` (175 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stefan Wahren, Florian Fainelli,
Linus Walleij, Sasha Levin
From: Stefan Wahren <stefan.wahren@i2se.com>
[ Upstream commit d2b67744fd99b06555b7e4d67302ede6c7c6a638 ]
The commit c8013355ead6 ("ARM: dts: gpio-ranges property is now required")
fixed the GPIO probing issues caused by "pinctrl: bcm2835: Change init
order for gpio hogs". This changed only the kernel DTS files. Unfortunately
it isn't guaranteed that these files are shipped to all users.
So implement the necessary backward compatibility for BCM2835 and
BCM2711 platform.
Fixes: 266423e60ea1 ("pinctrl: bcm2835: Change init order for gpio hogs")
Signed-off-by: Stefan Wahren <stefan.wahren@i2se.com>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Tested-by: Florian Fainelli <f.fainelli@gmail.com>
Link: https://lore.kernel.org/r/20220409095129.45786-3-stefan.wahren@i2se.com
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pinctrl/bcm/pinctrl-bcm2835.c | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/drivers/pinctrl/bcm/pinctrl-bcm2835.c b/drivers/pinctrl/bcm/pinctrl-bcm2835.c
index 6768b2f03d68..39d2024dc2ee 100644
--- a/drivers/pinctrl/bcm/pinctrl-bcm2835.c
+++ b/drivers/pinctrl/bcm/pinctrl-bcm2835.c
@@ -351,6 +351,22 @@ static int bcm2835_gpio_direction_output(struct gpio_chip *chip,
return pinctrl_gpio_direction_output(chip->base + offset);
}
+static int bcm2835_of_gpio_ranges_fallback(struct gpio_chip *gc,
+ struct device_node *np)
+{
+ struct pinctrl_dev *pctldev = of_pinctrl_get(np);
+
+ of_node_put(np);
+
+ if (!pctldev)
+ return 0;
+
+ gpiochip_add_pin_range(gc, pinctrl_dev_get_devname(pctldev), 0, 0,
+ gc->ngpio);
+
+ return 0;
+}
+
static const struct gpio_chip bcm2835_gpio_chip = {
.label = MODULE_NAME,
.owner = THIS_MODULE,
@@ -365,6 +381,7 @@ static const struct gpio_chip bcm2835_gpio_chip = {
.base = -1,
.ngpio = BCM2835_NUM_GPIOS,
.can_sleep = false,
+ .of_gpio_ranges_fallback = bcm2835_of_gpio_ranges_fallback,
};
static const struct gpio_chip bcm2711_gpio_chip = {
@@ -381,6 +398,7 @@ static const struct gpio_chip bcm2711_gpio_chip = {
.base = -1,
.ngpio = BCM2711_NUM_GPIOS,
.can_sleep = false,
+ .of_gpio_ranges_fallback = bcm2835_of_gpio_ranges_fallback,
};
static void bcm2835_gpio_irq_handle_bank(struct bcm2835_pinctrl *pc,
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 283/452] arm: mediatek: select arch timer for mt7629
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (281 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 282/452] pinctrl: bcm2835: implement " Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 284/452] powerpc/fadump: fix PT_LOAD segment for boot memory area Greg Kroah-Hartman
` (174 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chuanhong Guo, Matthias Brugger, Sasha Levin
From: Chuanhong Guo <gch981213@gmail.com>
[ Upstream commit d66aea197d534e23d4989eb72fca9c0c114b97c9 ]
This chip has an armv7 arch timer according to the dts. Select it in
Kconfig to enforce the support for it.
Otherwise the system time is just completely wrong if user forget to
enable ARM_ARCH_TIMER in kernel config.
Fixes: a43379dddf1b ("arm: mediatek: add MT7629 smp bring up code")
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
Link: https://lore.kernel.org/r/20220409091347.2473449-1-gch981213@gmail.com
Signed-off-by: Matthias Brugger <matthias.bgg@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/mach-mediatek/Kconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/arm/mach-mediatek/Kconfig b/arch/arm/mach-mediatek/Kconfig
index 9e0f592d87d8..35a3430c7942 100644
--- a/arch/arm/mach-mediatek/Kconfig
+++ b/arch/arm/mach-mediatek/Kconfig
@@ -30,6 +30,7 @@ config MACH_MT7623
config MACH_MT7629
bool "MediaTek MT7629 SoCs support"
default ARCH_MEDIATEK
+ select HAVE_ARM_ARCH_TIMER
config MACH_MT8127
bool "MediaTek MT8127 SoCs support"
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 284/452] powerpc/fadump: fix PT_LOAD segment for boot memory area
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (282 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 283/452] arm: mediatek: select arch timer for mt7629 Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 285/452] mfd: ipaq-micro: Fix error check return value of platform_get_irq() Greg Kroah-Hartman
` (173 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hari Bathini, Michael Ellerman, Sasha Levin
From: Hari Bathini <hbathini@linux.ibm.com>
[ Upstream commit 15eb77f873255cf9f4d703b63cfbd23c46579654 ]
Boot memory area is setup as separate PT_LOAD segment in the vmcore
as it is moved by f/w, on crash, to a destination address provided by
the kernel. Having separate PT_LOAD segment helps in handling the
different physical address and offset for boot memory area in the
vmcore.
Commit ced1bf52f477 ("powerpc/fadump: merge adjacent memory ranges to
reduce PT_LOAD segements") inadvertly broke this pre-condition for
cases where some of the first kernel memory is available adjacent to
boot memory area. This scenario is rare but possible when memory for
fadump could not be reserved adjacent to boot memory area owing to
memory hole or such. Reading memory from a vmcore exported in such
scenario provides incorrect data. Fix it by ensuring no other region
is folded into boot memory area.
Fixes: ced1bf52f477 ("powerpc/fadump: merge adjacent memory ranges to reduce PT_LOAD segements")
Signed-off-by: Hari Bathini <hbathini@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220406093839.206608-2-hbathini@linux.ibm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/kernel/fadump.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/arch/powerpc/kernel/fadump.c b/arch/powerpc/kernel/fadump.c
index c3bb800dc435..1a5ba26aab15 100644
--- a/arch/powerpc/kernel/fadump.c
+++ b/arch/powerpc/kernel/fadump.c
@@ -861,7 +861,6 @@ static int fadump_alloc_mem_ranges(struct fadump_mrange_info *mrange_info)
sizeof(struct fadump_memory_range));
return 0;
}
-
static inline int fadump_add_mem_range(struct fadump_mrange_info *mrange_info,
u64 base, u64 end)
{
@@ -880,7 +879,12 @@ static inline int fadump_add_mem_range(struct fadump_mrange_info *mrange_info,
start = mem_ranges[mrange_info->mem_range_cnt - 1].base;
size = mem_ranges[mrange_info->mem_range_cnt - 1].size;
- if ((start + size) == base)
+ /*
+ * Boot memory area needs separate PT_LOAD segment(s) as it
+ * is moved to a different location at the time of crash.
+ * So, fold only if the region is not boot memory area.
+ */
+ if ((start + size) == base && start >= fw_dump.boot_mem_top)
is_adjacent = true;
}
if (!is_adjacent) {
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 285/452] mfd: ipaq-micro: Fix error check return value of platform_get_irq()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (283 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 284/452] powerpc/fadump: fix PT_LOAD segment for boot memory area Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 286/452] scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac() Greg Kroah-Hartman
` (172 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zeal Robot, Lv Ruyi, Linus Walleij,
Lee Jones, Sasha Levin
From: Lv Ruyi <lv.ruyi@zte.com.cn>
[ Upstream commit 3b49ae380ce1a3054e0c505dd9a356b82a5b48e8 ]
platform_get_irq() return negative value on failure, so null check of
irq is incorrect. Fix it by comparing whether it is less than zero.
Fixes: dcc21cc09e3c ("mfd: Add driver for Atmel Microcontroller on iPaq h3xxx")
Reported-by: Zeal Robot <zealci@zte.com.cn>
Signed-off-by: Lv Ruyi <lv.ruyi@zte.com.cn>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Link: https://lore.kernel.org/r/20220412085305.2533030-1-lv.ruyi@zte.com.cn
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mfd/ipaq-micro.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/mfd/ipaq-micro.c b/drivers/mfd/ipaq-micro.c
index e92eeeb67a98..4cd5ecc72211 100644
--- a/drivers/mfd/ipaq-micro.c
+++ b/drivers/mfd/ipaq-micro.c
@@ -403,7 +403,7 @@ static int __init micro_probe(struct platform_device *pdev)
micro_reset_comm(micro);
irq = platform_get_irq(pdev, 0);
- if (!irq)
+ if (irq < 0)
return -EINVAL;
ret = devm_request_irq(&pdev->dev, irq, micro_serial_isr,
IRQF_SHARED, "ipaq-micro",
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 286/452] scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (284 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 285/452] mfd: ipaq-micro: Fix error check return value of platform_get_irq() Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 287/452] firmware: arm_scmi: Fix list protocols enumeration in the base protocol Greg Kroah-Hartman
` (171 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Gustavo A. R. Silva, Sasha Levin
From: Gustavo A. R. Silva <gustavoars@kernel.org>
[ Upstream commit 54db804d5d7d36709d1ce70bde3b9a6c61b290b6 ]
Fix the following Wstringop-overflow warnings when building with GCC-11:
drivers/scsi/fcoe/fcoe.c: In function ‘fcoe_netdev_config’:
drivers/scsi/fcoe/fcoe.c:744:32: warning: ‘fcoe_wwn_from_mac’ accessing 32 bytes in a region of size 6 [-Wstringop-overflow=]
744 | wwnn = fcoe_wwn_from_mac(ctlr->ctl_src_addr, 1, 0);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/scsi/fcoe/fcoe.c:744:32: note: referencing argument 1 of type ‘unsigned char *’
In file included from drivers/scsi/fcoe/fcoe.c:36:
./include/scsi/libfcoe.h:252:5: note: in a call to function ‘fcoe_wwn_from_mac’
252 | u64 fcoe_wwn_from_mac(unsigned char mac[MAX_ADDR_LEN], unsigned int, unsigned int);
| ^~~~~~~~~~~~~~~~~
drivers/scsi/fcoe/fcoe.c:747:32: warning: ‘fcoe_wwn_from_mac’ accessing 32 bytes in a region of size 6 [-Wstringop-overflow=]
747 | wwpn = fcoe_wwn_from_mac(ctlr->ctl_src_addr,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
748 | 2, 0);
| ~~~~~
drivers/scsi/fcoe/fcoe.c:747:32: note: referencing argument 1 of type ‘unsigned char *’
In file included from drivers/scsi/fcoe/fcoe.c:36:
./include/scsi/libfcoe.h:252:5: note: in a call to function ‘fcoe_wwn_from_mac’
252 | u64 fcoe_wwn_from_mac(unsigned char mac[MAX_ADDR_LEN], unsigned int, unsigned int);
| ^~~~~~~~~~~~~~~~~
CC drivers/scsi/bnx2fc/bnx2fc_io.o
In function ‘bnx2fc_net_config’,
inlined from ‘bnx2fc_if_create’ at drivers/scsi/bnx2fc/bnx2fc_fcoe.c:1543:7:
drivers/scsi/bnx2fc/bnx2fc_fcoe.c:833:32: warning: ‘fcoe_wwn_from_mac’ accessing 32 bytes in a region of size 6 [-Wstringop-overflow=]
833 | wwnn = fcoe_wwn_from_mac(ctlr->ctl_src_addr,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
834 | 1, 0);
| ~~~~~
drivers/scsi/bnx2fc/bnx2fc_fcoe.c: In function ‘bnx2fc_if_create’:
drivers/scsi/bnx2fc/bnx2fc_fcoe.c:833:32: note: referencing argument 1 of type ‘unsigned char *’
In file included from drivers/scsi/bnx2fc/bnx2fc.h:53,
from drivers/scsi/bnx2fc/bnx2fc_fcoe.c:17:
./include/scsi/libfcoe.h:252:5: note: in a call to function ‘fcoe_wwn_from_mac’
252 | u64 fcoe_wwn_from_mac(unsigned char mac[MAX_ADDR_LEN], unsigned int, unsigned int);
| ^~~~~~~~~~~~~~~~~
In function ‘bnx2fc_net_config’,
inlined from ‘bnx2fc_if_create’ at drivers/scsi/bnx2fc/bnx2fc_fcoe.c:1543:7:
drivers/scsi/bnx2fc/bnx2fc_fcoe.c:839:32: warning: ‘fcoe_wwn_from_mac’ accessing 32 bytes in a region of size 6 [-Wstringop-overflow=]
839 | wwpn = fcoe_wwn_from_mac(ctlr->ctl_src_addr,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
840 | 2, 0);
| ~~~~~
drivers/scsi/bnx2fc/bnx2fc_fcoe.c: In function ‘bnx2fc_if_create’:
drivers/scsi/bnx2fc/bnx2fc_fcoe.c:839:32: note: referencing argument 1 of type ‘unsigned char *’
In file included from drivers/scsi/bnx2fc/bnx2fc.h:53,
from drivers/scsi/bnx2fc/bnx2fc_fcoe.c:17:
./include/scsi/libfcoe.h:252:5: note: in a call to function ‘fcoe_wwn_from_mac’
252 | u64 fcoe_wwn_from_mac(unsigned char mac[MAX_ADDR_LEN], unsigned int, unsigned int);
| ^~~~~~~~~~~~~~~~~
drivers/scsi/qedf/qedf_main.c: In function ‘__qedf_probe’:
drivers/scsi/qedf/qedf_main.c:3520:30: warning: ‘fcoe_wwn_from_mac’ accessing 32 bytes in a region of size 6 [-Wstringop-overflow=]
3520 | qedf->wwnn = fcoe_wwn_from_mac(qedf->mac, 1, 0);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/scsi/qedf/qedf_main.c:3520:30: note: referencing argument 1 of type ‘unsigned char *’
In file included from drivers/scsi/qedf/qedf.h:9,
from drivers/scsi/qedf/qedf_main.c:23:
./include/scsi/libfcoe.h:252:5: note: in a call to function ‘fcoe_wwn_from_mac’
252 | u64 fcoe_wwn_from_mac(unsigned char mac[MAX_ADDR_LEN], unsigned int, unsigned int);
| ^~~~~~~~~~~~~~~~~
drivers/scsi/qedf/qedf_main.c:3521:30: warning: ‘fcoe_wwn_from_mac’ accessing 32 bytes in a region of size 6 [-Wstringop-overflow=]
3521 | qedf->wwpn = fcoe_wwn_from_mac(qedf->mac, 2, 0);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/scsi/qedf/qedf_main.c:3521:30: note: referencing argument 1 of type ‘unsigned char *’
In file included from drivers/scsi/qedf/qedf.h:9,
from drivers/scsi/qedf/qedf_main.c:23:
./include/scsi/libfcoe.h:252:5: note: in a call to function ‘fcoe_wwn_from_mac’
252 | u64 fcoe_wwn_from_mac(unsigned char mac[MAX_ADDR_LEN], unsigned int, unsigned int);
| ^~~~~~~~~~~~~~~~~
by changing the array size to the correct value of ETH_ALEN in the
argument declaration.
Also, fix a couple of checkpatch warnings:
WARNING: function definition argument 'unsigned int' should also have an identifier name
This helps with the ongoing efforts to globally enable
-Wstringop-overflow.
Link: https://github.com/KSPP/linux/issues/181
Fixes: 85b4aa4926a5 ("[SCSI] fcoe: Fibre Channel over Ethernet")
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/fcoe/fcoe_ctlr.c | 2 +-
include/scsi/libfcoe.h | 3 ++-
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/scsi/fcoe/fcoe_ctlr.c b/drivers/scsi/fcoe/fcoe_ctlr.c
index 5ea426effa60..bbc5d6b9be73 100644
--- a/drivers/scsi/fcoe/fcoe_ctlr.c
+++ b/drivers/scsi/fcoe/fcoe_ctlr.c
@@ -1969,7 +1969,7 @@ EXPORT_SYMBOL(fcoe_ctlr_recv_flogi);
*
* Returns: u64 fc world wide name
*/
-u64 fcoe_wwn_from_mac(unsigned char mac[MAX_ADDR_LEN],
+u64 fcoe_wwn_from_mac(unsigned char mac[ETH_ALEN],
unsigned int scheme, unsigned int port)
{
u64 wwn;
diff --git a/include/scsi/libfcoe.h b/include/scsi/libfcoe.h
index fac8e89aed81..310e0dbffda9 100644
--- a/include/scsi/libfcoe.h
+++ b/include/scsi/libfcoe.h
@@ -249,7 +249,8 @@ int fcoe_ctlr_recv_flogi(struct fcoe_ctlr *, struct fc_lport *,
struct fc_frame *);
/* libfcoe funcs */
-u64 fcoe_wwn_from_mac(unsigned char mac[MAX_ADDR_LEN], unsigned int, unsigned int);
+u64 fcoe_wwn_from_mac(unsigned char mac[ETH_ALEN], unsigned int scheme,
+ unsigned int port);
int fcoe_libfc_config(struct fc_lport *, struct fcoe_ctlr *,
const struct libfc_function_template *, int init_fcp);
u32 fcoe_fc_crc(struct fc_frame *fp);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 287/452] firmware: arm_scmi: Fix list protocols enumeration in the base protocol
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (285 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 286/452] scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac() Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 288/452] nvdimm: Fix firmware activation deadlock scenarios Greg Kroah-Hartman
` (170 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Cristian Marussi, Sudeep Holla, Sasha Levin
From: Cristian Marussi <cristian.marussi@arm.com>
[ Upstream commit 8009120e0354a67068e920eb10dce532391361d0 ]
While enumerating protocols implemented by the SCMI platform using
BASE_DISCOVER_LIST_PROTOCOLS, the number of returned protocols is
currently validated in an improper way since the check employs a sum
between unsigned integers that could overflow and cause the check itself
to be silently bypassed if the returned value 'loop_num_ret' is big
enough.
Fix the validation avoiding the addition.
Link: https://lore.kernel.org/r/20220330150551.2573938-4-cristian.marussi@arm.com
Fixes: b6f20ff8bd94 ("firmware: arm_scmi: add common infrastructure and support for base protocol")
Signed-off-by: Cristian Marussi <cristian.marussi@arm.com>
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/firmware/arm_scmi/base.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/firmware/arm_scmi/base.c b/drivers/firmware/arm_scmi/base.c
index 017e5d8bd869..e51d28ba2833 100644
--- a/drivers/firmware/arm_scmi/base.c
+++ b/drivers/firmware/arm_scmi/base.c
@@ -188,7 +188,7 @@ static int scmi_base_implementation_list_get(const struct scmi_handle *handle,
break;
loop_num_ret = le32_to_cpu(*num_ret);
- if (tot_num_ret + loop_num_ret > MAX_PROTOCOLS_IMP) {
+ if (loop_num_ret > MAX_PROTOCOLS_IMP - tot_num_ret) {
dev_err(dev, "No. of Protocol > MAX_PROTOCOLS_IMP");
break;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 288/452] nvdimm: Fix firmware activation deadlock scenarios
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (286 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 287/452] firmware: arm_scmi: Fix list protocols enumeration in the base protocol Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 289/452] nvdimm: Allow overwrite in the presence of disabled dimms Greg Kroah-Hartman
` (169 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ira Weiny, Dan Williams, Sasha Levin
From: Dan Williams <dan.j.williams@intel.com>
[ Upstream commit e6829d1bd3c4b58296ee9e412f7ed4d6cb390192 ]
Lockdep reports the following deadlock scenarios for CXL root device
power-management, device_prepare(), operations, and device_shutdown()
operations for 'nd_region' devices:
Chain exists of:
&nvdimm_region_key --> &nvdimm_bus->reconfig_mutex --> system_transition_mutex
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(system_transition_mutex);
lock(&nvdimm_bus->reconfig_mutex);
lock(system_transition_mutex);
lock(&nvdimm_region_key);
Chain exists of:
&cxl_nvdimm_bridge_key --> acpi_scan_lock --> &cxl_root_key
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&cxl_root_key);
lock(acpi_scan_lock);
lock(&cxl_root_key);
lock(&cxl_nvdimm_bridge_key);
These stem from holding nvdimm_bus_lock() over hibernate_quiet_exec()
which walks the entire system device topology taking device_lock() along
the way. The nvdimm_bus_lock() is protecting against unregistration,
multiple simultaneous ops callers, and preventing activate_show() from
racing activate_store(). For the first 2, the lock is redundant.
Unregistration already flushes all ops users, and sysfs already prevents
multiple threads to be active in an ops handler at the same time. For
the last userspace should already be waiting for its last
activate_store() to complete, and does not need activate_show() to flush
the write side, so this lock usage can be deleted in these attributes.
Fixes: 48001ea50d17 ("PM, libnvdimm: Add runtime firmware activation support")
Reviewed-by: Ira Weiny <ira.weiny@intel.com>
Link: https://lore.kernel.org/r/165074883800.4116052.10737040861825806582.stgit@dwillia2-desk3.amr.corp.intel.com
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/nvdimm/core.c | 9 ---------
1 file changed, 9 deletions(-)
diff --git a/drivers/nvdimm/core.c b/drivers/nvdimm/core.c
index c21ba0602029..1c92c883afdd 100644
--- a/drivers/nvdimm/core.c
+++ b/drivers/nvdimm/core.c
@@ -400,9 +400,7 @@ static ssize_t capability_show(struct device *dev,
if (!nd_desc->fw_ops)
return -EOPNOTSUPP;
- nvdimm_bus_lock(dev);
cap = nd_desc->fw_ops->capability(nd_desc);
- nvdimm_bus_unlock(dev);
switch (cap) {
case NVDIMM_FWA_CAP_QUIESCE:
@@ -427,10 +425,8 @@ static ssize_t activate_show(struct device *dev,
if (!nd_desc->fw_ops)
return -EOPNOTSUPP;
- nvdimm_bus_lock(dev);
cap = nd_desc->fw_ops->capability(nd_desc);
state = nd_desc->fw_ops->activate_state(nd_desc);
- nvdimm_bus_unlock(dev);
if (cap < NVDIMM_FWA_CAP_QUIESCE)
return -EOPNOTSUPP;
@@ -475,7 +471,6 @@ static ssize_t activate_store(struct device *dev,
else
return -EINVAL;
- nvdimm_bus_lock(dev);
state = nd_desc->fw_ops->activate_state(nd_desc);
switch (state) {
@@ -493,7 +488,6 @@ static ssize_t activate_store(struct device *dev,
default:
rc = -ENXIO;
}
- nvdimm_bus_unlock(dev);
if (rc == 0)
rc = len;
@@ -516,10 +510,7 @@ static umode_t nvdimm_bus_firmware_visible(struct kobject *kobj, struct attribut
if (!nd_desc->fw_ops)
return 0;
- nvdimm_bus_lock(dev);
cap = nd_desc->fw_ops->capability(nd_desc);
- nvdimm_bus_unlock(dev);
-
if (cap < NVDIMM_FWA_CAP_QUIESCE)
return 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 289/452] nvdimm: Allow overwrite in the presence of disabled dimms
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (287 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 288/452] nvdimm: Fix firmware activation deadlock scenarios Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 290/452] pinctrl: mvebu: Fix irq_of_parse_and_map() return value Greg Kroah-Hartman
` (168 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vishal Verma, Dave Jiang, Ira Weiny,
Jeff Moyer, Krzysztof Kensicki, Dan Williams, Sasha Levin
From: Dan Williams <dan.j.williams@intel.com>
[ Upstream commit bb7bf697fed58eae9d3445944e457ab0de4da54f ]
It is not clear why the original implementation of overwrite support
required the dimm driver to be active before overwrite could proceed. In
fact that can lead to cases where the kernel retains an invalid cached
copy of the labels from before the overwrite. Unfortunately the kernel
has not only allowed that case, but enforced it.
Going forward, allow for overwrite to happen while the label area is
offline, and follow-on with updates to 'ndctl sanitize-dimm --overwrite'
to trigger the label area invalidation by default.
Cc: Vishal Verma <vishal.l.verma@intel.com>
Cc: Dave Jiang <dave.jiang@intel.com>
Cc: Ira Weiny <ira.weiny@intel.com>
Cc: Jeff Moyer <jmoyer@redhat.com>
Reported-by: Krzysztof Kensicki <krzysztof.kensicki@intel.com>
Fixes: 7d988097c546 ("acpi/nfit, libnvdimm/security: Add security DSM overwrite support")
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/nvdimm/security.c | 5 -----
1 file changed, 5 deletions(-)
diff --git a/drivers/nvdimm/security.c b/drivers/nvdimm/security.c
index 4b80150e4afa..b5aa55c61461 100644
--- a/drivers/nvdimm/security.c
+++ b/drivers/nvdimm/security.c
@@ -379,11 +379,6 @@ static int security_overwrite(struct nvdimm *nvdimm, unsigned int keyid)
|| !nvdimm->sec.flags)
return -EOPNOTSUPP;
- if (dev->driver == NULL) {
- dev_dbg(dev, "Unable to overwrite while DIMM active.\n");
- return -EINVAL;
- }
-
rc = check_security_state(nvdimm);
if (rc)
return rc;
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 290/452] pinctrl: mvebu: Fix irq_of_parse_and_map() return value
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (288 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 289/452] nvdimm: Allow overwrite in the presence of disabled dimms Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 291/452] drivers/base/node.c: fix compaction sysfs file leak Greg Kroah-Hartman
` (167 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Krzysztof Kozlowski, Linus Walleij,
Sasha Levin
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
[ Upstream commit 71bc7cf3be65bab441e03667cf215c557712976c ]
The irq_of_parse_and_map() returns 0 on failure, not a negative ERRNO.
Fixes: 2f227605394b ("pinctrl: armada-37xx: Add irqchip support")
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Link: https://lore.kernel.org/r/20220422105339.78810-1-krzysztof.kozlowski@linaro.org
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pinctrl/mvebu/pinctrl-armada-37xx.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/pinctrl/mvebu/pinctrl-armada-37xx.c b/drivers/pinctrl/mvebu/pinctrl-armada-37xx.c
index 5cb018f98800..85a0052bb0e6 100644
--- a/drivers/pinctrl/mvebu/pinctrl-armada-37xx.c
+++ b/drivers/pinctrl/mvebu/pinctrl-armada-37xx.c
@@ -781,7 +781,7 @@ static int armada_37xx_irqchip_register(struct platform_device *pdev,
for (i = 0; i < nr_irq_parent; i++) {
int irq = irq_of_parse_and_map(np, i);
- if (irq < 0)
+ if (!irq)
continue;
girq->parents[i] = irq;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 291/452] drivers/base/node.c: fix compaction sysfs file leak
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (289 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 290/452] pinctrl: mvebu: Fix irq_of_parse_and_map() return value Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 292/452] dax: fix cache flush on PMD-mapped pages Greg Kroah-Hartman
` (166 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaohe Lin, Rafael J. Wysocki,
Mel Gorman, Minchan Kim, KAMEZAWA Hiroyuki, KOSAKI Motohiro,
Andrew Morton, Sasha Levin
From: Miaohe Lin <linmiaohe@huawei.com>
[ Upstream commit da63dc84befaa9e6079a0bc363ff0eaa975f9073 ]
Compaction sysfs file is created via compaction_register_node in
register_node. But we forgot to remove it in unregister_node. Thus
compaction sysfs file is leaked. Using compaction_unregister_node to fix
this issue.
Link: https://lkml.kernel.org/r/20220401070905.43679-1-linmiaohe@huawei.com
Fixes: ed4a6d7f0676 ("mm: compaction: add /sys trigger for per-node memory compaction")
Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Rafael J. Wysocki <rafael@kernel.org>
Cc: Mel Gorman <mel@csn.ul.ie>
Cc: Minchan Kim <minchan.kim@gmail.com>
Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/base/node.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/base/node.c b/drivers/base/node.c
index 21965de8538b..5f745c906c33 100644
--- a/drivers/base/node.c
+++ b/drivers/base/node.c
@@ -655,6 +655,7 @@ static int register_node(struct node *node, int num)
*/
void unregister_node(struct node *node)
{
+ compaction_unregister_node(node);
hugetlb_unregister_node(node); /* no-op, if memoryless node */
node_remove_accesses(node);
node_remove_caches(node);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 292/452] dax: fix cache flush on PMD-mapped pages
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (290 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 291/452] drivers/base/node.c: fix compaction sysfs file leak Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 293/452] drivers/base/memory: fix an unlikely reference counting issue in __add_memory_block() Greg Kroah-Hartman
` (165 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Muchun Song, Dan Williams,
Christoph Hellwig, Alistair Popple, Al Viro, Hugh Dickins,
Jan Kara, Kirill A. Shutemov, Matthew Wilcox, Ralph Campbell,
Ross Zwisler, Xiongchun Duan, Xiyu Yang, Yang Shi, Andrew Morton,
Sasha Levin
From: Muchun Song <songmuchun@bytedance.com>
[ Upstream commit e583b5c472bd23d450e06f148dc1f37be74f7666 ]
The flush_cache_page() only remove a PAGE_SIZE sized range from the cache.
However, it does not cover the full pages in a THP except a head page.
Replace it with flush_cache_range() to fix this issue. This is just a
documentation issue with the respect to properly documenting the expected
usage of cache flushing before modifying the pmd. However, in practice
this is not a problem due to the fact that DAX is not available on
architectures with virtually indexed caches per:
commit d92576f1167c ("dax: does not work correctly with virtual aliasing caches")
Link: https://lkml.kernel.org/r/20220403053957.10770-3-songmuchun@bytedance.com
Fixes: f729c8c9b24f ("dax: wrprotect pmd_t in dax_mapping_entry_mkclean")
Signed-off-by: Muchun Song <songmuchun@bytedance.com>
Reviewed-by: Dan Williams <dan.j.williams@intel.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Cc: Alistair Popple <apopple@nvidia.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Hugh Dickins <hughd@google.com>
Cc: Jan Kara <jack@suse.cz>
Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Ralph Campbell <rcampbell@nvidia.com>
Cc: Ross Zwisler <zwisler@kernel.org>
Cc: Xiongchun Duan <duanxiongchun@bytedance.com>
Cc: Xiyu Yang <xiyuyang19@fudan.edu.cn>
Cc: Yang Shi <shy828301@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/dax.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fs/dax.c b/fs/dax.c
index d5d7b9393bca..3e7e9a57fd28 100644
--- a/fs/dax.c
+++ b/fs/dax.c
@@ -846,7 +846,8 @@ static void dax_entry_mkclean(struct address_space *mapping, pgoff_t index,
if (!pmd_dirty(*pmdp) && !pmd_write(*pmdp))
goto unlock_pmd;
- flush_cache_page(vma, address, pfn);
+ flush_cache_range(vma, address,
+ address + HPAGE_PMD_SIZE);
pmd = pmdp_invalidate(vma, address, pmdp);
pmd = pmd_wrprotect(pmd);
pmd = pmd_mkclean(pmd);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 293/452] drivers/base/memory: fix an unlikely reference counting issue in __add_memory_block()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (291 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 292/452] dax: fix cache flush on PMD-mapped pages Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 294/452] powerpc/8xx: export cpm_setbrg for modules Greg Kroah-Hartman
` (164 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe JAILLET, Michal Hocko,
David Hildenbrand, Rafael J. Wysocki, Scott Cheloha,
Nathan Lynch, Andrew Morton, Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit f47f758cff59c68015d6b9b9c077110df7c2c828 ]
__add_memory_block() calls both put_device() and device_unregister() when
storing the memory block into the xarray. This is incorrect because
xarray doesn't take an additional reference and device_unregister()
already calls put_device().
Triggering the issue looks really unlikely and its only effect should be
to log a spurious warning about a ref counted issue.
Link: https://lkml.kernel.org/r/d44c63d78affe844f020dc02ad6af29abc448fc4.1650611702.git.christophe.jaillet@wanadoo.fr
Fixes: 4fb6eabf1037 ("drivers/base/memory.c: cache memory blocks in xarray to accelerate lookup")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Acked-by: Michal Hocko <mhocko@suse.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: "Rafael J. Wysocki" <rafael@kernel.org>
Cc: Scott Cheloha <cheloha@linux.vnet.ibm.com>
Cc: Nathan Lynch <nathanl@linux.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/base/memory.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/drivers/base/memory.c b/drivers/base/memory.c
index de058d15b33e..49eb14271f28 100644
--- a/drivers/base/memory.c
+++ b/drivers/base/memory.c
@@ -560,10 +560,9 @@ int register_memory(struct memory_block *memory)
}
ret = xa_err(xa_store(&memory_blocks, memory->dev.id, memory,
GFP_KERNEL));
- if (ret) {
- put_device(&memory->dev);
+ if (ret)
device_unregister(&memory->dev);
- }
+
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 294/452] powerpc/8xx: export cpm_setbrg for modules
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (292 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 293/452] drivers/base/memory: fix an unlikely reference counting issue in __add_memory_block() Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 295/452] pinctrl: renesas: core: Fix possible null-ptr-deref in sh_pfc_map_resources() Greg Kroah-Hartman
` (163 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Randy Dunlap, kernel test robot,
Christophe Leroy, Michael Ellerman, Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit 22f8e625ebabd7ed3185b82b44b4f12fc0402113 ]
Fix missing export for a loadable module build:
ERROR: modpost: "cpm_setbrg" [drivers/tty/serial/cpm_uart/cpm_uart.ko] undefined!
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Reported-by: kernel test robot <lkp@intel.com>
[chleroy: Changed Fixes: tag]
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20210122010819.30986-1-rdunlap@infradead.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/platforms/8xx/cpm1.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/powerpc/platforms/8xx/cpm1.c b/arch/powerpc/platforms/8xx/cpm1.c
index c58b6f1c40e3..3ef5e9fd3a9b 100644
--- a/arch/powerpc/platforms/8xx/cpm1.c
+++ b/arch/powerpc/platforms/8xx/cpm1.c
@@ -280,6 +280,7 @@ cpm_setbrg(uint brg, uint rate)
out_be32(bp, (((BRG_UART_CLK_DIV16 / rate) - 1) << 1) |
CPM_BRG_EN | CPM_BRG_DIV16);
}
+EXPORT_SYMBOL(cpm_setbrg);
struct cpm_ioport16 {
__be16 dir, par, odr_sor, dat, intr;
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 295/452] pinctrl: renesas: core: Fix possible null-ptr-deref in sh_pfc_map_resources()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (293 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 294/452] powerpc/8xx: export cpm_setbrg for modules Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 296/452] powerpc/idle: Fix return value of __setup() handler Greg Kroah-Hartman
` (162 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yang Yingliang, Geert Uytterhoeven,
Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 5376e3d904532e657fd7ca1a9b1ff3d351527b90 ]
It will cause null-ptr-deref when using 'res', if platform_get_resource()
returns NULL, so move using 'res' after devm_ioremap_resource() that
will check it to avoid null-ptr-deref.
And use devm_platform_get_and_ioremap_resource() to simplify code.
Fixes: c7977ec4a336 ("pinctrl: sh-pfc: Convert to platform_get_*()")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Link: https://lore.kernel.org/r/20220429082637.1308182-1-yangyingliang@huawei.com
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pinctrl/renesas/core.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/drivers/pinctrl/renesas/core.c b/drivers/pinctrl/renesas/core.c
index 258972672eda..54f1a7334027 100644
--- a/drivers/pinctrl/renesas/core.c
+++ b/drivers/pinctrl/renesas/core.c
@@ -71,12 +71,11 @@ static int sh_pfc_map_resources(struct sh_pfc *pfc,
/* Fill them. */
for (i = 0; i < num_windows; i++) {
- res = platform_get_resource(pdev, IORESOURCE_MEM, i);
- windows->phys = res->start;
- windows->size = resource_size(res);
- windows->virt = devm_ioremap_resource(pfc->dev, res);
+ windows->virt = devm_platform_get_and_ioremap_resource(pdev, i, &res);
if (IS_ERR(windows->virt))
return -ENOMEM;
+ windows->phys = res->start;
+ windows->size = resource_size(res);
windows++;
}
for (i = 0; i < num_irqs; i++)
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 296/452] powerpc/idle: Fix return value of __setup() handler
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (294 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 295/452] pinctrl: renesas: core: Fix possible null-ptr-deref in sh_pfc_map_resources() Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 297/452] powerpc/4xx/cpm: " Greg Kroah-Hartman
` (161 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Igor Zhbanov, Randy Dunlap,
Michael Ellerman, Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit b793a01000122d2bd133ba451a76cc135b5e162c ]
__setup() handlers should return 1 to obsolete_checksetup() in
init/main.c to indicate that the boot option has been handled.
A return of 0 causes the boot option/value to be listed as an Unknown
kernel parameter and added to init's (limited) argument or environment
strings.
Also, error return codes don't mean anything to obsolete_checksetup() --
only non-zero (usually 1) or zero. So return 1 from powersave_off().
Fixes: 302eca184fb8 ("[POWERPC] cell: use ppc_md->power_save instead of cbe_idle_loop")
Reported-by: Igor Zhbanov <izh1979@gmail.com>
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220502192925.19954-1-rdunlap@infradead.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/kernel/idle.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/powerpc/kernel/idle.c b/arch/powerpc/kernel/idle.c
index 1f835539fda4..f0271daa8f6a 100644
--- a/arch/powerpc/kernel/idle.c
+++ b/arch/powerpc/kernel/idle.c
@@ -37,7 +37,7 @@ static int __init powersave_off(char *arg)
{
ppc_md.power_save = NULL;
cpuidle_disable = IDLE_POWERSAVE_OFF;
- return 0;
+ return 1;
}
__setup("powersave=off", powersave_off);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 297/452] powerpc/4xx/cpm: Fix return value of __setup() handler
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (295 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 296/452] powerpc/idle: Fix return value of __setup() handler Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 298/452] ASoC: atmel-pdmic: Remove endianness flag on pdmic component Greg Kroah-Hartman
` (160 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Igor Zhbanov, Randy Dunlap,
Michael Ellerman, Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit 5bb99fd4090fe1acfdb90a97993fcda7f8f5a3d6 ]
__setup() handlers should return 1 to obsolete_checksetup() in
init/main.c to indicate that the boot option has been handled.
A return of 0 causes the boot option/value to be listed as an Unknown
kernel parameter and added to init's (limited) argument or environment
strings.
Also, error return codes don't mean anything to obsolete_checksetup() --
only non-zero (usually 1) or zero. So return 1 from cpm_powersave_off().
Fixes: d164f6d4f910 ("powerpc/4xx: Add suspend and idle support")
Reported-by: Igor Zhbanov <izh1979@gmail.com>
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220502192941.20955-1-rdunlap@infradead.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/platforms/4xx/cpm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/powerpc/platforms/4xx/cpm.c b/arch/powerpc/platforms/4xx/cpm.c
index ae8b812c9202..2481e78c0423 100644
--- a/arch/powerpc/platforms/4xx/cpm.c
+++ b/arch/powerpc/platforms/4xx/cpm.c
@@ -327,6 +327,6 @@ late_initcall(cpm_init);
static int __init cpm_powersave_off(char *arg)
{
cpm.powersave_off = 1;
- return 0;
+ return 1;
}
__setup("powersave=off", cpm_powersave_off);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 298/452] ASoC: atmel-pdmic: Remove endianness flag on pdmic component
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (296 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 297/452] powerpc/4xx/cpm: " Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 299/452] ASoC: atmel-classd: Remove endianness flag on class d component Greg Kroah-Hartman
` (159 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Charles Keepax, Mark Brown, Sasha Levin
From: Charles Keepax <ckeepax@opensource.cirrus.com>
[ Upstream commit 52857c3baa0e5ddeba7b2c84e56bb71c9674e048 ]
The endianness flag should have been removed when the driver was
ported across from having both a CODEC and CPU side component, to
just having a CPU component and using the dummy for the CODEC. The
endianness flag is used to indicate that the device is completely
ambivalent to the endianness of the data, typically due to the
endianness being lost over the hardware link (ie. the link defines
bit ordering). It's usage didn't have any effect when the driver
had both a CPU and CODEC component, since the union of those equals
the CPU side settings, but now causes the driver to falsely report
it supports big endian. Correct this by removing the flag.
Fixes: f3c668074a04 ("ASoC: atmel-pdmic: remove codec component")
Signed-off-by: Charles Keepax <ckeepax@opensource.cirrus.com>
Link: https://lore.kernel.org/r/20220504170905.332415-3-ckeepax@opensource.cirrus.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/atmel/atmel-pdmic.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/sound/soc/atmel/atmel-pdmic.c b/sound/soc/atmel/atmel-pdmic.c
index 8e1d8230b180..049383e5405e 100644
--- a/sound/soc/atmel/atmel-pdmic.c
+++ b/sound/soc/atmel/atmel-pdmic.c
@@ -481,7 +481,6 @@ static const struct snd_soc_component_driver atmel_pdmic_cpu_dai_component = {
.num_controls = ARRAY_SIZE(atmel_pdmic_snd_controls),
.idle_bias_on = 1,
.use_pmdown_time = 1,
- .endianness = 1,
};
/* ASoC sound card */
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 299/452] ASoC: atmel-classd: Remove endianness flag on class d component
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (297 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 298/452] ASoC: atmel-pdmic: Remove endianness flag on pdmic component Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 300/452] proc: fix dentry/inode overinstantiating under /proc/${pid}/net Greg Kroah-Hartman
` (158 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Charles Keepax, Mark Brown, Sasha Levin
From: Charles Keepax <ckeepax@opensource.cirrus.com>
[ Upstream commit 0104d52a6a69b06b0e8167f7c1247e8c76aca070 ]
The endianness flag should have been removed when the driver was
ported across from having both a CODEC and CPU side component, to
just having a CPU component and using the dummy for the CODEC. The
endianness flag is used to indicate that the device is completely
ambivalent to the endianness of the data, typically due to the
endianness being lost over the hardware link (ie. the link defines
bit ordering). It's usage didn't have any effect when the driver
had both a CPU and CODEC component, since the union of those equals
the CPU side settings, but now causes the driver to falsely report
it supports big endian. Correct this by removing the flag.
Fixes: 1dfdbe73ccf9 ("ASoC: atmel-classd: remove codec component")
Signed-off-by: Charles Keepax <ckeepax@opensource.cirrus.com>
Link: https://lore.kernel.org/r/20220504170905.332415-4-ckeepax@opensource.cirrus.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/atmel/atmel-classd.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/sound/soc/atmel/atmel-classd.c b/sound/soc/atmel/atmel-classd.c
index b1a28a9382fb..f91a0e728ed5 100644
--- a/sound/soc/atmel/atmel-classd.c
+++ b/sound/soc/atmel/atmel-classd.c
@@ -458,7 +458,6 @@ static const struct snd_soc_component_driver atmel_classd_cpu_dai_component = {
.num_controls = ARRAY_SIZE(atmel_classd_snd_controls),
.idle_bias_on = 1,
.use_pmdown_time = 1,
- .endianness = 1,
};
/* ASoC sound card */
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 300/452] proc: fix dentry/inode overinstantiating under /proc/${pid}/net
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (298 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 299/452] ASoC: atmel-classd: Remove endianness flag on class d component Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 301/452] ipc/mqueue: use get_tree_nodev() in mqueue_get_tree() Greg Kroah-Hartman
` (157 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexey Dobriyan, hui li, Al Viro,
Andrew Morton, Sasha Levin
From: Alexey Dobriyan <adobriyan@gmail.com>
[ Upstream commit 7055197705709c59b8ab77e6a5c7d46d61edd96e ]
When a process exits, /proc/${pid}, and /proc/${pid}/net dentries are
flushed. However some leaf dentries like /proc/${pid}/net/arp_cache
aren't. That's because respective PDEs have proc_misc_d_revalidate() hook
which returns 1 and leaves dentries/inodes in the LRU.
Force revalidation/lookup on everything under /proc/${pid}/net by
inheriting proc_net_dentry_ops.
[akpm@linux-foundation.org: coding-style cleanups]
Link: https://lkml.kernel.org/r/YjdVHgildbWO7diJ@localhost.localdomain
Fixes: c6c75deda813 ("proc: fix lookup in /proc/net subdirectories after setns(2)")
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Reported-by: hui li <juanfengpy@gmail.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/proc/generic.c | 3 +++
fs/proc/proc_net.c | 3 +++
2 files changed, 6 insertions(+)
diff --git a/fs/proc/generic.c b/fs/proc/generic.c
index 09e4d8a499a3..5898761698c2 100644
--- a/fs/proc/generic.c
+++ b/fs/proc/generic.c
@@ -453,6 +453,9 @@ static struct proc_dir_entry *__proc_create(struct proc_dir_entry **parent,
proc_set_user(ent, (*parent)->uid, (*parent)->gid);
ent->proc_dops = &proc_misc_dentry_ops;
+ /* Revalidate everything under /proc/${pid}/net */
+ if ((*parent)->proc_dops == &proc_net_dentry_ops)
+ pde_force_lookup(ent);
out:
return ent;
diff --git a/fs/proc/proc_net.c b/fs/proc/proc_net.c
index 1aa9236bf1af..707477e27f83 100644
--- a/fs/proc/proc_net.c
+++ b/fs/proc/proc_net.c
@@ -362,6 +362,9 @@ static __net_init int proc_net_ns_init(struct net *net)
proc_set_user(netd, uid, gid);
+ /* Seed dentry revalidation for /proc/${pid}/net */
+ pde_force_lookup(netd);
+
err = -EEXIST;
net_statd = proc_net_mkdir(net, "stat", netd);
if (!net_statd)
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 301/452] ipc/mqueue: use get_tree_nodev() in mqueue_get_tree()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (299 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 300/452] proc: fix dentry/inode overinstantiating under /proc/${pid}/net Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 302/452] PCI: imx6: Fix PERST# start-up sequence Greg Kroah-Hartman
` (156 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Waiman Long, Al Viro, David Howells,
Manfred Spraul, Davidlohr Bueso, Andrew Morton, Sasha Levin
From: Waiman Long <longman@redhat.com>
[ Upstream commit d60c4d01a98bc1942dba6e3adc02031f5519f94b ]
When running the stress-ng clone benchmark with multiple testing threads,
it was found that there were significant spinlock contention in sget_fc().
The contended spinlock was the sb_lock. It is under heavy contention
because the following code in the critcal section of sget_fc():
hlist_for_each_entry(old, &fc->fs_type->fs_supers, s_instances) {
if (test(old, fc))
goto share_extant_sb;
}
After testing with added instrumentation code, it was found that the
benchmark could generate thousands of ipc namespaces with the
corresponding number of entries in the mqueue's fs_supers list where the
namespaces are the key for the search. This leads to excessive time in
scanning the list for a match.
Looking back at the mqueue calling sequence leading to sget_fc():
mq_init_ns()
=> mq_create_mount()
=> fc_mount()
=> vfs_get_tree()
=> mqueue_get_tree()
=> get_tree_keyed()
=> vfs_get_super()
=> sget_fc()
Currently, mq_init_ns() is the only mqueue function that will indirectly
call mqueue_get_tree() with a newly allocated ipc namespace as the key for
searching. As a result, there will never be a match with the exising ipc
namespaces stored in the mqueue's fs_supers list.
So using get_tree_keyed() to do an existing ipc namespace search is just a
waste of time. Instead, we could use get_tree_nodev() to eliminate the
useless search. By doing so, we can greatly reduce the sb_lock hold time
and avoid the spinlock contention problem in case a large number of ipc
namespaces are present.
Of course, if the code is modified in the future to allow
mqueue_get_tree() to be called with an existing ipc namespace instead of a
new one, we will have to use get_tree_keyed() in this case.
The following stress-ng clone benchmark command was run on a 2-socket
48-core Intel system:
./stress-ng --clone 32 --verbose --oomable --metrics-brief -t 20
The "bogo ops/s" increased from 5948.45 before patch to 9137.06 after
patch. This is an increase of 54% in performance.
Link: https://lkml.kernel.org/r/20220121172315.19652-1-longman@redhat.com
Fixes: 935c6912b198 ("ipc: Convert mqueue fs to fs_context")
Signed-off-by: Waiman Long <longman@redhat.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: David Howells <dhowells@redhat.com>
Cc: Manfred Spraul <manfred@colorfullife.com>
Cc: Davidlohr Bueso <dave@stgolabs.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
ipc/mqueue.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/ipc/mqueue.c b/ipc/mqueue.c
index 05d2176cc471..86969de17084 100644
--- a/ipc/mqueue.c
+++ b/ipc/mqueue.c
@@ -45,6 +45,7 @@
struct mqueue_fs_context {
struct ipc_namespace *ipc_ns;
+ bool newns; /* Set if newly created ipc namespace */
};
#define MQUEUE_MAGIC 0x19800202
@@ -424,6 +425,14 @@ static int mqueue_get_tree(struct fs_context *fc)
{
struct mqueue_fs_context *ctx = fc->fs_private;
+ /*
+ * With a newly created ipc namespace, we don't need to do a search
+ * for an ipc namespace match, but we still need to set s_fs_info.
+ */
+ if (ctx->newns) {
+ fc->s_fs_info = ctx->ipc_ns;
+ return get_tree_nodev(fc, mqueue_fill_super);
+ }
return get_tree_keyed(fc, mqueue_fill_super, ctx->ipc_ns);
}
@@ -451,6 +460,10 @@ static int mqueue_init_fs_context(struct fs_context *fc)
return 0;
}
+/*
+ * mq_init_ns() is currently the only caller of mq_create_mount().
+ * So the ns parameter is always a newly created ipc namespace.
+ */
static struct vfsmount *mq_create_mount(struct ipc_namespace *ns)
{
struct mqueue_fs_context *ctx;
@@ -462,6 +475,7 @@ static struct vfsmount *mq_create_mount(struct ipc_namespace *ns)
return ERR_CAST(fc);
ctx = fc->fs_private;
+ ctx->newns = true;
put_ipc_ns(ctx->ipc_ns);
ctx->ipc_ns = get_ipc_ns(ns);
put_user_ns(fc->user_ns);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 302/452] PCI: imx6: Fix PERST# start-up sequence
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (300 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 301/452] ipc/mqueue: use get_tree_nodev() in mqueue_get_tree() Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 303/452] tty: fix deadlock caused by calling printk() under tty_port->lock Greg Kroah-Hartman
` (155 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Francesco Dolcini, Lorenzo Pieralisi,
Lucas Stach, Richard Zhu, Sasha Levin
From: Francesco Dolcini <francesco.dolcini@toradex.com>
[ Upstream commit a6809941c1f17f455db2cf4ca19c6d8c8746ec25 ]
According to the PCIe standard the PERST# signal (reset-gpio in
fsl,imx* compatible dts) should be kept asserted for at least 100 usec
before the PCIe refclock is stable, should be kept asserted for at
least 100 msec after the power rails are stable and the host should wait
at least 100 msec after it is de-asserted before accessing the
configuration space of any attached device.
>From PCIe CEM r2.0, sec 2.6.2
T-PVPERL: Power stable to PERST# inactive - 100 msec
T-PERST-CLK: REFCLK stable before PERST# inactive - 100 usec.
>From PCIe r5.0, sec 6.6.1
With a Downstream Port that does not support Link speeds greater than
5.0 GT/s, software must wait a minimum of 100 ms before sending a
Configuration Request to the device immediately below that Port.
Failure to do so could prevent PCIe devices to be working correctly,
and this was experienced with real devices.
Move reset assert to imx6_pcie_assert_core_reset(), this way we ensure
that PERST# is asserted before enabling any clock, move de-assert to the
end of imx6_pcie_deassert_core_reset() after the clock is enabled and
deemed stable and add a new delay of 100 msec just afterward.
Link: https://lore.kernel.org/all/20220211152550.286821-1-francesco.dolcini@toradex.com
Link: https://lore.kernel.org/r/20220404081509.94356-1-francesco.dolcini@toradex.com
Fixes: bb38919ec56e ("PCI: imx6: Add support for i.MX6 PCIe controller")
Signed-off-by: Francesco Dolcini <francesco.dolcini@toradex.com>
Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Reviewed-by: Lucas Stach <l.stach@pengutronix.de>
Acked-by: Richard Zhu <hongxing.zhu@nxp.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/controller/dwc/pci-imx6.c | 23 ++++++++++++++---------
1 file changed, 14 insertions(+), 9 deletions(-)
diff --git a/drivers/pci/controller/dwc/pci-imx6.c b/drivers/pci/controller/dwc/pci-imx6.c
index 5cf1ef12fb9b..ceb4815379cd 100644
--- a/drivers/pci/controller/dwc/pci-imx6.c
+++ b/drivers/pci/controller/dwc/pci-imx6.c
@@ -401,6 +401,11 @@ static void imx6_pcie_assert_core_reset(struct imx6_pcie *imx6_pcie)
dev_err(dev, "failed to disable vpcie regulator: %d\n",
ret);
}
+
+ /* Some boards don't have PCIe reset GPIO. */
+ if (gpio_is_valid(imx6_pcie->reset_gpio))
+ gpio_set_value_cansleep(imx6_pcie->reset_gpio,
+ imx6_pcie->gpio_active_high);
}
static unsigned int imx6_pcie_grp_offset(const struct imx6_pcie *imx6_pcie)
@@ -523,15 +528,6 @@ static void imx6_pcie_deassert_core_reset(struct imx6_pcie *imx6_pcie)
/* allow the clocks to stabilize */
usleep_range(200, 500);
- /* Some boards don't have PCIe reset GPIO. */
- if (gpio_is_valid(imx6_pcie->reset_gpio)) {
- gpio_set_value_cansleep(imx6_pcie->reset_gpio,
- imx6_pcie->gpio_active_high);
- msleep(100);
- gpio_set_value_cansleep(imx6_pcie->reset_gpio,
- !imx6_pcie->gpio_active_high);
- }
-
switch (imx6_pcie->drvdata->variant) {
case IMX8MQ:
reset_control_deassert(imx6_pcie->pciephy_reset);
@@ -574,6 +570,15 @@ static void imx6_pcie_deassert_core_reset(struct imx6_pcie *imx6_pcie)
break;
}
+ /* Some boards don't have PCIe reset GPIO. */
+ if (gpio_is_valid(imx6_pcie->reset_gpio)) {
+ msleep(100);
+ gpio_set_value_cansleep(imx6_pcie->reset_gpio,
+ !imx6_pcie->gpio_active_high);
+ /* Wait for 100ms after PERST# deassertion (PCIe r5.0, 6.6.1) */
+ msleep(100);
+ }
+
return;
err_ref_clk:
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 303/452] tty: fix deadlock caused by calling printk() under tty_port->lock
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (301 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 302/452] PCI: imx6: Fix PERST# start-up sequence Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 304/452] crypto: sun8i-ss - rework handling of IV Greg Kroah-Hartman
` (154 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Qi Zheng, Jiri Slaby, Akinobu Mita,
Vlastimil Babka, Steven Rostedt (Google),
Andrew Morton, Sasha Levin
From: Qi Zheng <zhengqi.arch@bytedance.com>
[ Upstream commit 6b9dbedbe3499fef862c4dff5217cf91f34e43b3 ]
pty_write() invokes kmalloc() which may invoke a normal printk() to print
failure message. This can cause a deadlock in the scenario reported by
syz-bot below:
CPU0 CPU1 CPU2
---- ---- ----
lock(console_owner);
lock(&port_lock_key);
lock(&port->lock);
lock(&port_lock_key);
lock(&port->lock);
lock(console_owner);
As commit dbdda842fe96 ("printk: Add console owner and waiter logic to
load balance console writes") said, such deadlock can be prevented by
using printk_deferred() in kmalloc() (which is invoked in the section
guarded by the port->lock). But there are too many printk() on the
kmalloc() path, and kmalloc() can be called from anywhere, so changing
printk() to printk_deferred() is too complicated and inelegant.
Therefore, this patch chooses to specify __GFP_NOWARN to kmalloc(), so
that printk() will not be called, and this deadlock problem can be
avoided.
Syzbot reported the following lockdep error:
======================================================
WARNING: possible circular locking dependency detected
5.4.143-00237-g08ccc19a-dirty #10 Not tainted
------------------------------------------------------
syz-executor.4/29420 is trying to acquire lock:
ffffffff8aedb2a0 (console_owner){....}-{0:0}, at: console_trylock_spinning kernel/printk/printk.c:1752 [inline]
ffffffff8aedb2a0 (console_owner){....}-{0:0}, at: vprintk_emit+0x2ca/0x470 kernel/printk/printk.c:2023
but task is already holding lock:
ffff8880119c9158 (&port->lock){-.-.}-{2:2}, at: pty_write+0xf4/0x1f0 drivers/tty/pty.c:120
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #2 (&port->lock){-.-.}-{2:2}:
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x35/0x50 kernel/locking/spinlock.c:159
tty_port_tty_get drivers/tty/tty_port.c:288 [inline] <-- lock(&port->lock);
tty_port_default_wakeup+0x1d/0xb0 drivers/tty/tty_port.c:47
serial8250_tx_chars+0x530/0xa80 drivers/tty/serial/8250/8250_port.c:1767
serial8250_handle_irq.part.0+0x31f/0x3d0 drivers/tty/serial/8250/8250_port.c:1854
serial8250_handle_irq drivers/tty/serial/8250/8250_port.c:1827 [inline] <-- lock(&port_lock_key);
serial8250_default_handle_irq+0xb2/0x220 drivers/tty/serial/8250/8250_port.c:1870
serial8250_interrupt+0xfd/0x200 drivers/tty/serial/8250/8250_core.c:126
__handle_irq_event_percpu+0x109/0xa50 kernel/irq/handle.c:156
[...]
-> #1 (&port_lock_key){-.-.}-{2:2}:
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x35/0x50 kernel/locking/spinlock.c:159
serial8250_console_write+0x184/0xa40 drivers/tty/serial/8250/8250_port.c:3198
<-- lock(&port_lock_key);
call_console_drivers kernel/printk/printk.c:1819 [inline]
console_unlock+0x8cb/0xd00 kernel/printk/printk.c:2504
vprintk_emit+0x1b5/0x470 kernel/printk/printk.c:2024 <-- lock(console_owner);
vprintk_func+0x8d/0x250 kernel/printk/printk_safe.c:394
printk+0xba/0xed kernel/printk/printk.c:2084
register_console+0x8b3/0xc10 kernel/printk/printk.c:2829
univ8250_console_init+0x3a/0x46 drivers/tty/serial/8250/8250_core.c:681
console_init+0x49d/0x6d3 kernel/printk/printk.c:2915
start_kernel+0x5e9/0x879 init/main.c:713
secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:241
-> #0 (console_owner){....}-{0:0}:
[...]
lock_acquire+0x127/0x340 kernel/locking/lockdep.c:4734
console_trylock_spinning kernel/printk/printk.c:1773 [inline] <-- lock(console_owner);
vprintk_emit+0x307/0x470 kernel/printk/printk.c:2023
vprintk_func+0x8d/0x250 kernel/printk/printk_safe.c:394
printk+0xba/0xed kernel/printk/printk.c:2084
fail_dump lib/fault-inject.c:45 [inline]
should_fail+0x67b/0x7c0 lib/fault-inject.c:144
__should_failslab+0x152/0x1c0 mm/failslab.c:33
should_failslab+0x5/0x10 mm/slab_common.c:1224
slab_pre_alloc_hook mm/slab.h:468 [inline]
slab_alloc_node mm/slub.c:2723 [inline]
slab_alloc mm/slub.c:2807 [inline]
__kmalloc+0x72/0x300 mm/slub.c:3871
kmalloc include/linux/slab.h:582 [inline]
tty_buffer_alloc+0x23f/0x2a0 drivers/tty/tty_buffer.c:175
__tty_buffer_request_room+0x156/0x2a0 drivers/tty/tty_buffer.c:273
tty_insert_flip_string_fixed_flag+0x93/0x250 drivers/tty/tty_buffer.c:318
tty_insert_flip_string include/linux/tty_flip.h:37 [inline]
pty_write+0x126/0x1f0 drivers/tty/pty.c:122 <-- lock(&port->lock);
n_tty_write+0xa7a/0xfc0 drivers/tty/n_tty.c:2356
do_tty_write drivers/tty/tty_io.c:961 [inline]
tty_write+0x512/0x930 drivers/tty/tty_io.c:1045
__vfs_write+0x76/0x100 fs/read_write.c:494
[...]
other info that might help us debug this:
Chain exists of:
console_owner --> &port_lock_key --> &port->lock
Link: https://lkml.kernel.org/r/20220511061951.1114-2-zhengqi.arch@bytedance.com
Link: https://lkml.kernel.org/r/20220510113809.80626-2-zhengqi.arch@bytedance.com
Fixes: b6da31b2c07c ("tty: Fix data race in tty_insert_flip_string_fixed_flag")
Signed-off-by: Qi Zheng <zhengqi.arch@bytedance.com>
Acked-by: Jiri Slaby <jirislaby@kernel.org>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Akinobu Mita <akinobu.mita@gmail.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/tty_buffer.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/tty/tty_buffer.c b/drivers/tty/tty_buffer.c
index 0fc473321d3e..6c4a50addadd 100644
--- a/drivers/tty/tty_buffer.c
+++ b/drivers/tty/tty_buffer.c
@@ -172,7 +172,8 @@ static struct tty_buffer *tty_buffer_alloc(struct tty_port *port, size_t size)
have queued and recycle that ? */
if (atomic_read(&port->buf.mem_used) > port->buf.mem_limit)
return NULL;
- p = kmalloc(sizeof(struct tty_buffer) + 2 * size, GFP_ATOMIC);
+ p = kmalloc(sizeof(struct tty_buffer) + 2 * size,
+ GFP_ATOMIC | __GFP_NOWARN);
if (p == NULL)
return NULL;
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 304/452] crypto: sun8i-ss - rework handling of IV
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (302 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 303/452] tty: fix deadlock caused by calling printk() under tty_port->lock Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 305/452] crypto: sun8i-ss - handle zero sized sg Greg Kroah-Hartman
` (153 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Corentin Labbe, Herbert Xu, Sasha Levin
From: Corentin Labbe <clabbe@baylibre.com>
[ Upstream commit 359e893e8af456be2fefabe851716237df289cbf ]
sun8i-ss fail handling IVs when doing decryption of multiple SGs in-place.
It should backup the last block of each SG source for using it later as
IVs.
In the same time remove allocation on requests path for storing all
IVs.
Fixes: f08fcced6d00 ("crypto: allwinner - Add sun8i-ss cryptographic offloader")
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../allwinner/sun8i-ss/sun8i-ss-cipher.c | 115 ++++++++++++------
.../crypto/allwinner/sun8i-ss/sun8i-ss-core.c | 30 +++--
drivers/crypto/allwinner/sun8i-ss/sun8i-ss.h | 14 ++-
3 files changed, 107 insertions(+), 52 deletions(-)
diff --git a/drivers/crypto/allwinner/sun8i-ss/sun8i-ss-cipher.c b/drivers/crypto/allwinner/sun8i-ss/sun8i-ss-cipher.c
index f783748462f9..7b3be3dc2210 100644
--- a/drivers/crypto/allwinner/sun8i-ss/sun8i-ss-cipher.c
+++ b/drivers/crypto/allwinner/sun8i-ss/sun8i-ss-cipher.c
@@ -93,6 +93,68 @@ static int sun8i_ss_cipher_fallback(struct skcipher_request *areq)
return err;
}
+static int sun8i_ss_setup_ivs(struct skcipher_request *areq)
+{
+ struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(areq);
+ struct sun8i_cipher_tfm_ctx *op = crypto_skcipher_ctx(tfm);
+ struct sun8i_ss_dev *ss = op->ss;
+ struct sun8i_cipher_req_ctx *rctx = skcipher_request_ctx(areq);
+ struct scatterlist *sg = areq->src;
+ unsigned int todo, offset;
+ unsigned int len = areq->cryptlen;
+ unsigned int ivsize = crypto_skcipher_ivsize(tfm);
+ struct sun8i_ss_flow *sf = &ss->flows[rctx->flow];
+ int i = 0;
+ u32 a;
+ int err;
+
+ rctx->ivlen = ivsize;
+ if (rctx->op_dir & SS_DECRYPTION) {
+ offset = areq->cryptlen - ivsize;
+ scatterwalk_map_and_copy(sf->biv, areq->src, offset,
+ ivsize, 0);
+ }
+
+ /* we need to copy all IVs from source in case DMA is bi-directionnal */
+ while (sg && len) {
+ if (sg_dma_len(sg) == 0) {
+ sg = sg_next(sg);
+ continue;
+ }
+ if (i == 0)
+ memcpy(sf->iv[0], areq->iv, ivsize);
+ a = dma_map_single(ss->dev, sf->iv[i], ivsize, DMA_TO_DEVICE);
+ if (dma_mapping_error(ss->dev, a)) {
+ memzero_explicit(sf->iv[i], ivsize);
+ dev_err(ss->dev, "Cannot DMA MAP IV\n");
+ err = -EFAULT;
+ goto dma_iv_error;
+ }
+ rctx->p_iv[i] = a;
+ /* we need to setup all others IVs only in the decrypt way */
+ if (rctx->op_dir & SS_ENCRYPTION)
+ return 0;
+ todo = min(len, sg_dma_len(sg));
+ len -= todo;
+ i++;
+ if (i < MAX_SG) {
+ offset = sg->length - ivsize;
+ scatterwalk_map_and_copy(sf->iv[i], sg, offset, ivsize, 0);
+ }
+ rctx->niv = i;
+ sg = sg_next(sg);
+ }
+
+ return 0;
+dma_iv_error:
+ i--;
+ while (i >= 0) {
+ dma_unmap_single(ss->dev, rctx->p_iv[i], ivsize, DMA_TO_DEVICE);
+ memzero_explicit(sf->iv[i], ivsize);
+ }
+ return err;
+}
+
static int sun8i_ss_cipher(struct skcipher_request *areq)
{
struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(areq);
@@ -101,9 +163,9 @@ static int sun8i_ss_cipher(struct skcipher_request *areq)
struct sun8i_cipher_req_ctx *rctx = skcipher_request_ctx(areq);
struct skcipher_alg *alg = crypto_skcipher_alg(tfm);
struct sun8i_ss_alg_template *algt;
+ struct sun8i_ss_flow *sf = &ss->flows[rctx->flow];
struct scatterlist *sg;
unsigned int todo, len, offset, ivsize;
- void *backup_iv = NULL;
int nr_sgs = 0;
int nr_sgd = 0;
int err = 0;
@@ -134,30 +196,9 @@ static int sun8i_ss_cipher(struct skcipher_request *areq)
ivsize = crypto_skcipher_ivsize(tfm);
if (areq->iv && crypto_skcipher_ivsize(tfm) > 0) {
- rctx->ivlen = ivsize;
- rctx->biv = kzalloc(ivsize, GFP_KERNEL | GFP_DMA);
- if (!rctx->biv) {
- err = -ENOMEM;
+ err = sun8i_ss_setup_ivs(areq);
+ if (err)
goto theend_key;
- }
- if (rctx->op_dir & SS_DECRYPTION) {
- backup_iv = kzalloc(ivsize, GFP_KERNEL);
- if (!backup_iv) {
- err = -ENOMEM;
- goto theend_key;
- }
- offset = areq->cryptlen - ivsize;
- scatterwalk_map_and_copy(backup_iv, areq->src, offset,
- ivsize, 0);
- }
- memcpy(rctx->biv, areq->iv, ivsize);
- rctx->p_iv = dma_map_single(ss->dev, rctx->biv, rctx->ivlen,
- DMA_TO_DEVICE);
- if (dma_mapping_error(ss->dev, rctx->p_iv)) {
- dev_err(ss->dev, "Cannot DMA MAP IV\n");
- err = -ENOMEM;
- goto theend_iv;
- }
}
if (areq->src == areq->dst) {
nr_sgs = dma_map_sg(ss->dev, areq->src, sg_nents(areq->src),
@@ -240,21 +281,19 @@ static int sun8i_ss_cipher(struct skcipher_request *areq)
}
theend_iv:
- if (rctx->p_iv)
- dma_unmap_single(ss->dev, rctx->p_iv, rctx->ivlen,
- DMA_TO_DEVICE);
-
if (areq->iv && ivsize > 0) {
- if (rctx->biv) {
- offset = areq->cryptlen - ivsize;
- if (rctx->op_dir & SS_DECRYPTION) {
- memcpy(areq->iv, backup_iv, ivsize);
- kfree_sensitive(backup_iv);
- } else {
- scatterwalk_map_and_copy(areq->iv, areq->dst, offset,
- ivsize, 0);
- }
- kfree(rctx->biv);
+ for (i = 0; i < rctx->niv; i++) {
+ dma_unmap_single(ss->dev, rctx->p_iv[i], ivsize, DMA_TO_DEVICE);
+ memzero_explicit(sf->iv[i], ivsize);
+ }
+
+ offset = areq->cryptlen - ivsize;
+ if (rctx->op_dir & SS_DECRYPTION) {
+ memcpy(areq->iv, sf->biv, ivsize);
+ memzero_explicit(sf->biv, ivsize);
+ } else {
+ scatterwalk_map_and_copy(areq->iv, areq->dst, offset,
+ ivsize, 0);
}
}
diff --git a/drivers/crypto/allwinner/sun8i-ss/sun8i-ss-core.c b/drivers/crypto/allwinner/sun8i-ss/sun8i-ss-core.c
index 319fe3279a71..657530578643 100644
--- a/drivers/crypto/allwinner/sun8i-ss/sun8i-ss-core.c
+++ b/drivers/crypto/allwinner/sun8i-ss/sun8i-ss-core.c
@@ -66,6 +66,7 @@ int sun8i_ss_run_task(struct sun8i_ss_dev *ss, struct sun8i_cipher_req_ctx *rctx
const char *name)
{
int flow = rctx->flow;
+ unsigned int ivlen = rctx->ivlen;
u32 v = SS_START;
int i;
@@ -104,15 +105,14 @@ int sun8i_ss_run_task(struct sun8i_ss_dev *ss, struct sun8i_cipher_req_ctx *rctx
mutex_lock(&ss->mlock);
writel(rctx->p_key, ss->base + SS_KEY_ADR_REG);
- if (i == 0) {
- if (rctx->p_iv)
- writel(rctx->p_iv, ss->base + SS_IV_ADR_REG);
- } else {
- if (rctx->biv) {
- if (rctx->op_dir == SS_ENCRYPTION)
- writel(rctx->t_dst[i - 1].addr + rctx->t_dst[i - 1].len * 4 - rctx->ivlen, ss->base + SS_IV_ADR_REG);
+ if (ivlen) {
+ if (rctx->op_dir == SS_ENCRYPTION) {
+ if (i == 0)
+ writel(rctx->p_iv[0], ss->base + SS_IV_ADR_REG);
else
- writel(rctx->t_src[i - 1].addr + rctx->t_src[i - 1].len * 4 - rctx->ivlen, ss->base + SS_IV_ADR_REG);
+ writel(rctx->t_dst[i - 1].addr + rctx->t_dst[i - 1].len * 4 - ivlen, ss->base + SS_IV_ADR_REG);
+ } else {
+ writel(rctx->p_iv[i], ss->base + SS_IV_ADR_REG);
}
}
@@ -464,7 +464,7 @@ static void sun8i_ss_free_flows(struct sun8i_ss_dev *ss, int i)
*/
static int allocate_flows(struct sun8i_ss_dev *ss)
{
- int i, err;
+ int i, j, err;
ss->flows = devm_kcalloc(ss->dev, MAXFLOW, sizeof(struct sun8i_ss_flow),
GFP_KERNEL);
@@ -474,6 +474,18 @@ static int allocate_flows(struct sun8i_ss_dev *ss)
for (i = 0; i < MAXFLOW; i++) {
init_completion(&ss->flows[i].complete);
+ ss->flows[i].biv = devm_kmalloc(ss->dev, AES_BLOCK_SIZE,
+ GFP_KERNEL | GFP_DMA);
+ if (!ss->flows[i].biv)
+ goto error_engine;
+
+ for (j = 0; j < MAX_SG; j++) {
+ ss->flows[i].iv[j] = devm_kmalloc(ss->dev, AES_BLOCK_SIZE,
+ GFP_KERNEL | GFP_DMA);
+ if (!ss->flows[i].iv[j])
+ goto error_engine;
+ }
+
ss->flows[i].engine = crypto_engine_alloc_init(ss->dev, true);
if (!ss->flows[i].engine) {
dev_err(ss->dev, "Cannot allocate engine\n");
diff --git a/drivers/crypto/allwinner/sun8i-ss/sun8i-ss.h b/drivers/crypto/allwinner/sun8i-ss/sun8i-ss.h
index 1a66457f4a20..49147195ecf6 100644
--- a/drivers/crypto/allwinner/sun8i-ss/sun8i-ss.h
+++ b/drivers/crypto/allwinner/sun8i-ss/sun8i-ss.h
@@ -120,11 +120,15 @@ struct sginfo {
* @complete: completion for the current task on this flow
* @status: set to 1 by interrupt if task is done
* @stat_req: number of request done by this flow
+ * @iv: list of IV to use for each step
+ * @biv: buffer which contain the backuped IV
*/
struct sun8i_ss_flow {
struct crypto_engine *engine;
struct completion complete;
int status;
+ u8 *iv[MAX_SG];
+ u8 *biv;
#ifdef CONFIG_CRYPTO_DEV_SUN8I_SS_DEBUG
unsigned long stat_req;
#endif
@@ -163,28 +167,28 @@ struct sun8i_ss_dev {
* @t_src: list of mapped SGs with their size
* @t_dst: list of mapped SGs with their size
* @p_key: DMA address of the key
- * @p_iv: DMA address of the IV
+ * @p_iv: DMA address of the IVs
+ * @niv: Number of IVs DMA mapped
* @method: current algorithm for this request
* @op_mode: op_mode for this request
* @op_dir: direction (encrypt vs decrypt) for this request
* @flow: the flow to use for this request
- * @ivlen: size of biv
+ * @ivlen: size of IVs
* @keylen: keylen for this request
- * @biv: buffer which contain the IV
* @fallback_req: request struct for invoking the fallback skcipher TFM
*/
struct sun8i_cipher_req_ctx {
struct sginfo t_src[MAX_SG];
struct sginfo t_dst[MAX_SG];
u32 p_key;
- u32 p_iv;
+ u32 p_iv[MAX_SG];
+ int niv;
u32 method;
u32 op_mode;
u32 op_dir;
int flow;
unsigned int ivlen;
unsigned int keylen;
- void *biv;
struct skcipher_request fallback_req; // keep at the end
};
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 305/452] crypto: sun8i-ss - handle zero sized sg
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (303 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 304/452] crypto: sun8i-ss - rework handling of IV Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 306/452] crypto: cryptd - Protect per-CPU resource by disabling BH Greg Kroah-Hartman
` (152 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Corentin Labbe, Herbert Xu, Sasha Levin
From: Corentin Labbe <clabbe@baylibre.com>
[ Upstream commit c149e4763d28bb4c0e5daae8a59f2c74e889f407 ]
sun8i-ss does not handle well the possible zero sized sg.
Fixes: d9b45418a917 ("crypto: sun8i-ss - support hash algorithms")
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/allwinner/sun8i-ss/sun8i-ss-hash.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/drivers/crypto/allwinner/sun8i-ss/sun8i-ss-hash.c b/drivers/crypto/allwinner/sun8i-ss/sun8i-ss-hash.c
index c9edecd43ef9..55d652cd468b 100644
--- a/drivers/crypto/allwinner/sun8i-ss/sun8i-ss-hash.c
+++ b/drivers/crypto/allwinner/sun8i-ss/sun8i-ss-hash.c
@@ -379,13 +379,21 @@ int sun8i_ss_hash_run(struct crypto_engine *engine, void *breq)
}
len = areq->nbytes;
- for_each_sg(areq->src, sg, nr_sgs, i) {
+ sg = areq->src;
+ i = 0;
+ while (len > 0 && sg) {
+ if (sg_dma_len(sg) == 0) {
+ sg = sg_next(sg);
+ continue;
+ }
rctx->t_src[i].addr = sg_dma_address(sg);
todo = min(len, sg_dma_len(sg));
rctx->t_src[i].len = todo / 4;
len -= todo;
rctx->t_dst[i].addr = addr_res;
rctx->t_dst[i].len = digestsize / 4;
+ sg = sg_next(sg);
+ i++;
}
if (len > 0) {
dev_err(ss->dev, "remaining len %d\n", len);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 306/452] crypto: cryptd - Protect per-CPU resource by disabling BH.
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (304 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 305/452] crypto: sun8i-ss - handle zero sized sg Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 307/452] Input: sparcspkr - fix refcount leak in bbc_beep_probe Greg Kroah-Hartman
` (151 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sebastian Andrzej Siewior,
Herbert Xu, Sasha Levin
From: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
[ Upstream commit 91e8bcd7b4da182e09ea19a2c73167345fe14c98 ]
The access to cryptd_queue::cpu_queue is synchronized by disabling
preemption in cryptd_enqueue_request() and disabling BH in
cryptd_queue_worker(). This implies that access is allowed from BH.
If cryptd_enqueue_request() is invoked from preemptible context _and_
soft interrupt then this can lead to list corruption since
cryptd_enqueue_request() is not protected against access from
soft interrupt.
Replace get_cpu() in cryptd_enqueue_request() with local_bh_disable()
to ensure BH is always disabled.
Remove preempt_disable() from cryptd_queue_worker() since it is not
needed because local_bh_disable() ensures synchronisation.
Fixes: 254eff771441 ("crypto: cryptd - Per-CPU thread implementation...")
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
crypto/cryptd.c | 23 +++++++++++------------
1 file changed, 11 insertions(+), 12 deletions(-)
diff --git a/crypto/cryptd.c b/crypto/cryptd.c
index a1bea0f4baa8..668095eca0fa 100644
--- a/crypto/cryptd.c
+++ b/crypto/cryptd.c
@@ -39,6 +39,10 @@ struct cryptd_cpu_queue {
};
struct cryptd_queue {
+ /*
+ * Protected by disabling BH to allow enqueueing from softinterrupt and
+ * dequeuing from kworker (cryptd_queue_worker()).
+ */
struct cryptd_cpu_queue __percpu *cpu_queue;
};
@@ -125,28 +129,28 @@ static void cryptd_fini_queue(struct cryptd_queue *queue)
static int cryptd_enqueue_request(struct cryptd_queue *queue,
struct crypto_async_request *request)
{
- int cpu, err;
+ int err;
struct cryptd_cpu_queue *cpu_queue;
refcount_t *refcnt;
- cpu = get_cpu();
+ local_bh_disable();
cpu_queue = this_cpu_ptr(queue->cpu_queue);
err = crypto_enqueue_request(&cpu_queue->queue, request);
refcnt = crypto_tfm_ctx(request->tfm);
if (err == -ENOSPC)
- goto out_put_cpu;
+ goto out;
- queue_work_on(cpu, cryptd_wq, &cpu_queue->work);
+ queue_work_on(smp_processor_id(), cryptd_wq, &cpu_queue->work);
if (!refcount_read(refcnt))
- goto out_put_cpu;
+ goto out;
refcount_inc(refcnt);
-out_put_cpu:
- put_cpu();
+out:
+ local_bh_enable();
return err;
}
@@ -162,15 +166,10 @@ static void cryptd_queue_worker(struct work_struct *work)
cpu_queue = container_of(work, struct cryptd_cpu_queue, work);
/*
* Only handle one request at a time to avoid hogging crypto workqueue.
- * preempt_disable/enable is used to prevent being preempted by
- * cryptd_enqueue_request(). local_bh_disable/enable is used to prevent
- * cryptd_enqueue_request() being accessed from software interrupts.
*/
local_bh_disable();
- preempt_disable();
backlog = crypto_get_backlog(&cpu_queue->queue);
req = crypto_dequeue_request(&cpu_queue->queue);
- preempt_enable();
local_bh_enable();
if (!req)
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 307/452] Input: sparcspkr - fix refcount leak in bbc_beep_probe
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (305 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 306/452] crypto: cryptd - Protect per-CPU resource by disabling BH Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 308/452] PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits Greg Kroah-Hartman
` (150 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Dmitry Torokhov, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit c8994b30d71d64d5dcc9bc0edbfdf367171aa96f ]
of_find_node_by_path() calls of_find_node_opts_by_path(),
which returns a node pointer with refcount
incremented, we should use of_node_put() on it when done.
Add missing of_node_put() to avoid refcount leak.
Fixes: 9c1a5077fdca ("input: Rewrite sparcspkr device probing.")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Link: https://lore.kernel.org/r/20220516081018.42728-1-linmq006@gmail.com
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/input/misc/sparcspkr.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/input/misc/sparcspkr.c b/drivers/input/misc/sparcspkr.c
index fe43e5557ed7..cdcb7737c46a 100644
--- a/drivers/input/misc/sparcspkr.c
+++ b/drivers/input/misc/sparcspkr.c
@@ -205,6 +205,7 @@ static int bbc_beep_probe(struct platform_device *op)
info = &state->u.bbc;
info->clock_freq = of_getintprop_default(dp, "clock-frequency", 0);
+ of_node_put(dp);
if (!info->clock_freq)
goto out_free;
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 308/452] PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (306 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 307/452] Input: sparcspkr - fix refcount leak in bbc_beep_probe Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 309/452] hwrng: omap3-rom - fix using wrong clk_disable() in omap_rom_rng_runtime_resume() Greg Kroah-Hartman
` (149 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Badger,
Kuppuswamy Sathyanarayanan, Bjorn Helgaas, Ashok Raj,
Sasha Levin
From: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
[ Upstream commit 203926da2bff8e172200a2f11c758987af112d4a ]
When a Root Port or Root Complex Event Collector receives an error Message
e.g., ERR_COR, it sets PCI_ERR_ROOT_COR_RCV in the Root Error Status
register and logs the Requester ID in the Error Source Identification
register. If it receives a second ERR_COR Message before software clears
PCI_ERR_ROOT_COR_RCV, hardware sets PCI_ERR_ROOT_MULTI_COR_RCV and the
Requester ID is lost.
In the following scenario, PCI_ERR_ROOT_MULTI_COR_RCV was never cleared:
- hardware receives ERR_COR message
- hardware sets PCI_ERR_ROOT_COR_RCV
- aer_irq() entered
- aer_irq(): status = pci_read_config_dword(PCI_ERR_ROOT_STATUS)
- aer_irq(): now status == PCI_ERR_ROOT_COR_RCV
- hardware receives second ERR_COR message
- hardware sets PCI_ERR_ROOT_MULTI_COR_RCV
- aer_irq(): pci_write_config_dword(PCI_ERR_ROOT_STATUS, status)
- PCI_ERR_ROOT_COR_RCV is cleared; PCI_ERR_ROOT_MULTI_COR_RCV is set
- aer_irq() entered again
- aer_irq(): status = pci_read_config_dword(PCI_ERR_ROOT_STATUS)
- aer_irq(): now status == PCI_ERR_ROOT_MULTI_COR_RCV
- aer_irq() exits because PCI_ERR_ROOT_COR_RCV not set
- PCI_ERR_ROOT_MULTI_COR_RCV is still set
The same problem occurred with ERR_NONFATAL/ERR_FATAL Messages and
PCI_ERR_ROOT_UNCOR_RCV and PCI_ERR_ROOT_MULTI_UNCOR_RCV.
Fix the problem by queueing an AER event and clearing the Root Error Status
bits when any of these bits are set:
PCI_ERR_ROOT_COR_RCV
PCI_ERR_ROOT_UNCOR_RCV
PCI_ERR_ROOT_MULTI_COR_RCV
PCI_ERR_ROOT_MULTI_UNCOR_RCV
See the bugzilla link for details from Eric about how to reproduce this
problem.
[bhelgaas: commit log, move repro details to bugzilla]
Fixes: e167bfcaa4cd ("PCI: aerdrv: remove magical ROOT_ERR_STATUS_MASKS")
Link: https://bugzilla.kernel.org/show_bug.cgi?id=215992
Link: https://lore.kernel.org/r/20220418150237.1021519-1-sathyanarayanan.kuppuswamy@linux.intel.com
Reported-by: Eric Badger <ebadger@purestorage.com>
Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Ashok Raj <ashok.raj@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/pcie/aer.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/pci/pcie/aer.c b/drivers/pci/pcie/aer.c
index 65dff5f3457a..c40546eeecb3 100644
--- a/drivers/pci/pcie/aer.c
+++ b/drivers/pci/pcie/aer.c
@@ -101,6 +101,11 @@ struct aer_stats {
#define ERR_COR_ID(d) (d & 0xffff)
#define ERR_UNCOR_ID(d) (d >> 16)
+#define AER_ERR_STATUS_MASK (PCI_ERR_ROOT_UNCOR_RCV | \
+ PCI_ERR_ROOT_COR_RCV | \
+ PCI_ERR_ROOT_MULTI_COR_RCV | \
+ PCI_ERR_ROOT_MULTI_UNCOR_RCV)
+
static int pcie_aer_disable;
static pci_ers_result_t aer_root_reset(struct pci_dev *dev);
@@ -1187,7 +1192,7 @@ static irqreturn_t aer_irq(int irq, void *context)
struct aer_err_source e_src = {};
pci_read_config_dword(rp, aer + PCI_ERR_ROOT_STATUS, &e_src.status);
- if (!(e_src.status & (PCI_ERR_ROOT_UNCOR_RCV|PCI_ERR_ROOT_COR_RCV)))
+ if (!(e_src.status & AER_ERR_STATUS_MASK))
return IRQ_NONE;
pci_read_config_dword(rp, aer + PCI_ERR_ROOT_ERR_SRC, &e_src.id);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 309/452] hwrng: omap3-rom - fix using wrong clk_disable() in omap_rom_rng_runtime_resume()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (307 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 308/452] PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 310/452] powerpc/64: Only WARN if __pa()/__va() called with bad addresses Greg Kroah-Hartman
` (148 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yang Yingliang, Herbert Xu, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit e4e62bbc6aba49a5edb3156ec65f6698ff37d228 ]
'ddata->clk' is enabled by clk_prepare_enable(), it should be disabled
by clk_disable_unprepare().
Fixes: 8d9d4bdc495f ("hwrng: omap3-rom - Use runtime PM instead of custom functions")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/char/hw_random/omap3-rom-rng.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/char/hw_random/omap3-rom-rng.c b/drivers/char/hw_random/omap3-rom-rng.c
index e0d77fa048fb..f06e4f95114f 100644
--- a/drivers/char/hw_random/omap3-rom-rng.c
+++ b/drivers/char/hw_random/omap3-rom-rng.c
@@ -92,7 +92,7 @@ static int __maybe_unused omap_rom_rng_runtime_resume(struct device *dev)
r = ddata->rom_rng_call(0, 0, RNG_GEN_PRNG_HW_INIT);
if (r != 0) {
- clk_disable(ddata->clk);
+ clk_disable_unprepare(ddata->clk);
dev_err(dev, "HW init failed: %d\n", r);
return -EIO;
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 310/452] powerpc/64: Only WARN if __pa()/__va() called with bad addresses
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (308 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 309/452] hwrng: omap3-rom - fix using wrong clk_disable() in omap_rom_rng_runtime_resume() Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 311/452] powerpc/perf: Fix the threshold compare group constraint for power9 Greg Kroah-Hartman
` (147 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Michael Ellerman, Sasha Levin
From: Michael Ellerman <mpe@ellerman.id.au>
[ Upstream commit c4bce84d0bd3f396f702d69be2e92bbd8af97583 ]
We added checks to __pa() / __va() to ensure they're only called with
appropriate addresses. But using BUG_ON() is too strong, it means
virt_addr_valid() will BUG when DEBUG_VIRTUAL is enabled.
Instead switch them to warnings, arm64 does the same.
Fixes: 4dd7554a6456 ("powerpc/64: Add VIRTUAL_BUG_ON checks for __va and __pa addresses")
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220406145802.538416-5-mpe@ellerman.id.au
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/include/asm/page.h | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/arch/powerpc/include/asm/page.h b/arch/powerpc/include/asm/page.h
index f2c5c26869f1..03ae544eb6cc 100644
--- a/arch/powerpc/include/asm/page.h
+++ b/arch/powerpc/include/asm/page.h
@@ -216,6 +216,9 @@ static inline bool pfn_valid(unsigned long pfn)
#define __pa(x) ((phys_addr_t)(unsigned long)(x) - VIRT_PHYS_OFFSET)
#else
#ifdef CONFIG_PPC64
+
+#define VIRTUAL_WARN_ON(x) WARN_ON(IS_ENABLED(CONFIG_DEBUG_VIRTUAL) && (x))
+
/*
* gcc miscompiles (unsigned long)(&static_var) - PAGE_OFFSET
* with -mcmodel=medium, so we use & and | instead of - and + on 64-bit.
@@ -223,13 +226,13 @@ static inline bool pfn_valid(unsigned long pfn)
*/
#define __va(x) \
({ \
- VIRTUAL_BUG_ON((unsigned long)(x) >= PAGE_OFFSET); \
+ VIRTUAL_WARN_ON((unsigned long)(x) >= PAGE_OFFSET); \
(void *)(unsigned long)((phys_addr_t)(x) | PAGE_OFFSET); \
})
#define __pa(x) \
({ \
- VIRTUAL_BUG_ON((unsigned long)(x) < PAGE_OFFSET); \
+ VIRTUAL_WARN_ON((unsigned long)(x) < PAGE_OFFSET); \
(unsigned long)(x) & 0x0fffffffffffffffUL; \
})
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 311/452] powerpc/perf: Fix the threshold compare group constraint for power9
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (309 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 310/452] powerpc/64: Only WARN if __pa()/__va() called with bad addresses Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 312/452] macintosh: via-pmu and via-cuda need RTC_LIB Greg Kroah-Hartman
` (146 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kajol Jain, Athira Rajeev,
Michael Ellerman, Sasha Levin
From: Kajol Jain <kjain@linux.ibm.com>
[ Upstream commit ab0cc6bbf0c812731c703ec757fcc3fc3a457a34 ]
Thresh compare bits for a event is used to program thresh compare
field in Monitor Mode Control Register A (MMCRA: 9-18 bits for power9).
When scheduling events as a group, all events in that group should
match value in threshold bits (like thresh compare, thresh control,
thresh select). Otherwise event open for the sibling events should fail.
But in the current code, incase thresh compare bits are not valid,
we are not failing in group_constraint function which can result
in invalid group schduling.
Fix the issue by returning -1 incase event is threshold and threshold
compare value is not valid.
Thresh control bits in the event code is used to program thresh_ctl
field in Monitor Mode Control Register A (MMCRA: 48-55). In below example,
the scheduling of group events PM_MRK_INST_CMPL (873534401e0) and
PM_THRESH_MET (8734340101ec) is expected to fail as both event
request different thresh control bits and invalid thresh compare value.
Result before the patch changes:
[command]# perf stat -e "{r8735340401e0,r8734340101ec}" sleep 1
Performance counter stats for 'sleep 1':
11,048 r8735340401e0
1,967 r8734340101ec
1.001354036 seconds time elapsed
0.001421000 seconds user
0.000000000 seconds sys
Result after the patch changes:
[command]# perf stat -e "{r8735340401e0,r8734340101ec}" sleep 1
Error:
The sys_perf_event_open() syscall returned with 22 (Invalid argument)
for event (r8735340401e0).
/bin/dmesg | grep -i perf may provide additional information.
Fixes: 78a16d9fc1206 ("powerpc/perf: Avoid FAB_*_MATCH checks for power9")
Signed-off-by: Kajol Jain <kjain@linux.ibm.com>
Reviewed-by: Athira Rajeev <atrajeev@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220506061015.43916-2-kjain@linux.ibm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/perf/isa207-common.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/powerpc/perf/isa207-common.c b/arch/powerpc/perf/isa207-common.c
index 58448f0e4721..52990becbdfc 100644
--- a/arch/powerpc/perf/isa207-common.c
+++ b/arch/powerpc/perf/isa207-common.c
@@ -363,7 +363,8 @@ int isa207_get_constraint(u64 event, unsigned long *maskp, unsigned long *valp)
if (event_is_threshold(event) && is_thresh_cmp_valid(event)) {
mask |= CNST_THRESH_MASK;
value |= CNST_THRESH_VAL(event >> EVENT_THRESH_SHIFT);
- }
+ } else if (event_is_threshold(event))
+ return -1;
} else {
/*
* Special case for PM_MRK_FAB_RSP_MATCH and PM_MRK_FAB_RSP_MATCH_CYC,
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 312/452] macintosh: via-pmu and via-cuda need RTC_LIB
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (310 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 311/452] powerpc/perf: Fix the threshold compare group constraint for power9 Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 313/452] powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup Greg Kroah-Hartman
` (145 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Christophe Leroy,
Randy Dunlap, Arnd Bergmann, Michael Ellerman, Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit 9a9c5ff5fff87eb1a43db0d899473554e408fd7b ]
Fix build when RTC_LIB is not set/enabled.
Eliminates these build errors:
m68k-linux-ld: drivers/macintosh/via-pmu.o: in function `pmu_set_rtc_time':
drivers/macintosh/via-pmu.c:1769: undefined reference to `rtc_tm_to_time64'
m68k-linux-ld: drivers/macintosh/via-cuda.o: in function `cuda_set_rtc_time':
drivers/macintosh/via-cuda.c:797: undefined reference to `rtc_tm_to_time64'
Fixes: 0792a2c8e0bb ("macintosh: Use common code to access RTC")
Reported-by: kernel test robot <lkp@intel.com>
Suggested-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220410161035.592-1-rdunlap@infradead.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/macintosh/Kconfig | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/macintosh/Kconfig b/drivers/macintosh/Kconfig
index 3942db15a2b8..539a2ed4e13d 100644
--- a/drivers/macintosh/Kconfig
+++ b/drivers/macintosh/Kconfig
@@ -44,6 +44,7 @@ config ADB_IOP
config ADB_CUDA
bool "Support for Cuda/Egret based Macs and PowerMacs"
depends on (ADB || PPC_PMAC) && !PPC_PMAC64
+ select RTC_LIB
help
This provides support for Cuda/Egret based Macintosh and
Power Macintosh systems. This includes most m68k based Macs,
@@ -57,6 +58,7 @@ config ADB_CUDA
config ADB_PMU
bool "Support for PMU based PowerMacs and PowerBooks"
depends on PPC_PMAC || MAC
+ select RTC_LIB
help
On PowerBooks, iBooks, and recent iMacs and Power Macintoshes, the
PMU is an embedded microprocessor whose primary function is to
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 313/452] powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (311 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 312/452] macintosh: via-pmu and via-cuda need RTC_LIB Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 314/452] mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe() Greg Kroah-Hartman
` (144 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Michael Ellerman, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit fcee96924ba1596ca80a6770b2567ca546f9a482 ]
of_parse_phandle() returns a node pointer with refcount
incremented, we should use of_node_put() on it when not need anymore.
Add missing of_node_put() to avoid refcount leak.
Fixes: abc3aeae3aaa ("fsl-rio: Add two ports and rapidio message units support")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220512123724.62931-1-linmq006@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/sysdev/fsl_rio.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch/powerpc/sysdev/fsl_rio.c b/arch/powerpc/sysdev/fsl_rio.c
index 07c164f7f8cf..3f9f78621cf3 100644
--- a/arch/powerpc/sysdev/fsl_rio.c
+++ b/arch/powerpc/sysdev/fsl_rio.c
@@ -505,8 +505,10 @@ int fsl_rio_setup(struct platform_device *dev)
if (rc) {
dev_err(&dev->dev, "Can't get %pOF property 'reg'\n",
rmu_node);
+ of_node_put(rmu_node);
goto err_rmu;
}
+ of_node_put(rmu_node);
rmu_regs_win = ioremap(rmu_regs.start, resource_size(&rmu_regs));
if (!rmu_regs_win) {
dev_err(&dev->dev, "Unable to map rmu register window\n");
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 314/452] mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (312 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 313/452] powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 315/452] mailbox: forward the hrtimer if not queued and under a lock Greg Kroah-Hartman
` (143 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yang Yingliang, Lee Jones, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 311242c7703df0da14c206260b7e855f69cb0264 ]
It will cause null-ptr-deref when using 'res', if platform_get_resource()
returns NULL, so move using 'res' after devm_ioremap_resource() that
will check it to avoid null-ptr-deref.
And use devm_platform_get_and_ioremap_resource() to simplify code.
Fixes: b5e29aa880be ("mfd: davinci_voicecodec: Remove pointless #include")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Link: https://lore.kernel.org/r/20220426030857.3539336-1-yangyingliang@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mfd/davinci_voicecodec.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/drivers/mfd/davinci_voicecodec.c b/drivers/mfd/davinci_voicecodec.c
index e5c8bc998eb4..965820481f1e 100644
--- a/drivers/mfd/davinci_voicecodec.c
+++ b/drivers/mfd/davinci_voicecodec.c
@@ -46,14 +46,12 @@ static int __init davinci_vc_probe(struct platform_device *pdev)
}
clk_enable(davinci_vc->clk);
- res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
-
- fifo_base = (dma_addr_t)res->start;
- davinci_vc->base = devm_ioremap_resource(&pdev->dev, res);
+ davinci_vc->base = devm_platform_get_and_ioremap_resource(pdev, 0, &res);
if (IS_ERR(davinci_vc->base)) {
ret = PTR_ERR(davinci_vc->base);
goto fail;
}
+ fifo_base = (dma_addr_t)res->start;
davinci_vc->regmap = devm_regmap_init_mmio(&pdev->dev,
davinci_vc->base,
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 315/452] mailbox: forward the hrtimer if not queued and under a lock
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (313 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 314/452] mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe() Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 316/452] RDMA/hfi1: Prevent use of lock before it is initialized Greg Kroah-Hartman
` (142 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Björn Ardö,
Jassi Brar, Sasha Levin
From: Björn Ardö <bjorn.ardo@axis.com>
[ Upstream commit bca1a1004615efe141fd78f360ecc48c60bc4ad5 ]
This reverts commit c7dacf5b0f32957b24ef29df1207dc2cd8307743,
"mailbox: avoid timer start from callback"
The previous commit was reverted since it lead to a race that
caused the hrtimer to not be started at all. The check for
hrtimer_active() in msg_submit() will return true if the
callback function txdone_hrtimer() is currently running. This
function could return HRTIMER_NORESTART and then the timer
will not be restarted, and also msg_submit() will not start
the timer. This will lead to a message actually being submitted
but no timer will start to check for its compleation.
The original fix that added checking hrtimer_active() was added to
avoid a warning with hrtimer_forward. Looking in the kernel
another solution to avoid this warning is to check hrtimer_is_queued()
before calling hrtimer_forward_now() instead. This however requires a
lock so the timer is not started by msg_submit() inbetween this check
and the hrtimer_forward() call.
Fixes: c7dacf5b0f32 ("mailbox: avoid timer start from callback")
Signed-off-by: Björn Ardö <bjorn.ardo@axis.com>
Signed-off-by: Jassi Brar <jaswinder.singh@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mailbox/mailbox.c | 19 +++++++++++++------
include/linux/mailbox_controller.h | 1 +
2 files changed, 14 insertions(+), 6 deletions(-)
diff --git a/drivers/mailbox/mailbox.c b/drivers/mailbox/mailbox.c
index 3e7d4b20ab34..4229b9b5da98 100644
--- a/drivers/mailbox/mailbox.c
+++ b/drivers/mailbox/mailbox.c
@@ -82,11 +82,11 @@ static void msg_submit(struct mbox_chan *chan)
exit:
spin_unlock_irqrestore(&chan->lock, flags);
- /* kick start the timer immediately to avoid delays */
if (!err && (chan->txdone_method & TXDONE_BY_POLL)) {
- /* but only if not already active */
- if (!hrtimer_active(&chan->mbox->poll_hrt))
- hrtimer_start(&chan->mbox->poll_hrt, 0, HRTIMER_MODE_REL);
+ /* kick start the timer immediately to avoid delays */
+ spin_lock_irqsave(&chan->mbox->poll_hrt_lock, flags);
+ hrtimer_start(&chan->mbox->poll_hrt, 0, HRTIMER_MODE_REL);
+ spin_unlock_irqrestore(&chan->mbox->poll_hrt_lock, flags);
}
}
@@ -120,20 +120,26 @@ static enum hrtimer_restart txdone_hrtimer(struct hrtimer *hrtimer)
container_of(hrtimer, struct mbox_controller, poll_hrt);
bool txdone, resched = false;
int i;
+ unsigned long flags;
for (i = 0; i < mbox->num_chans; i++) {
struct mbox_chan *chan = &mbox->chans[i];
if (chan->active_req && chan->cl) {
- resched = true;
txdone = chan->mbox->ops->last_tx_done(chan);
if (txdone)
tx_tick(chan, 0);
+ else
+ resched = true;
}
}
if (resched) {
- hrtimer_forward_now(hrtimer, ms_to_ktime(mbox->txpoll_period));
+ spin_lock_irqsave(&mbox->poll_hrt_lock, flags);
+ if (!hrtimer_is_queued(hrtimer))
+ hrtimer_forward_now(hrtimer, ms_to_ktime(mbox->txpoll_period));
+ spin_unlock_irqrestore(&mbox->poll_hrt_lock, flags);
+
return HRTIMER_RESTART;
}
return HRTIMER_NORESTART;
@@ -500,6 +506,7 @@ int mbox_controller_register(struct mbox_controller *mbox)
hrtimer_init(&mbox->poll_hrt, CLOCK_MONOTONIC,
HRTIMER_MODE_REL);
mbox->poll_hrt.function = txdone_hrtimer;
+ spin_lock_init(&mbox->poll_hrt_lock);
}
for (i = 0; i < mbox->num_chans; i++) {
diff --git a/include/linux/mailbox_controller.h b/include/linux/mailbox_controller.h
index 36d6ce673503..6fee33cb52f5 100644
--- a/include/linux/mailbox_controller.h
+++ b/include/linux/mailbox_controller.h
@@ -83,6 +83,7 @@ struct mbox_controller {
const struct of_phandle_args *sp);
/* Internal to API */
struct hrtimer poll_hrt;
+ spinlock_t poll_hrt_lock;
struct list_head node;
};
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 316/452] RDMA/hfi1: Prevent use of lock before it is initialized
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (314 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 315/452] mailbox: forward the hrtimer if not queued and under a lock Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 317/452] Input: stmfts - do not leave device disabled in stmfts_input_open Greg Kroah-Hartman
` (141 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zheyu Ma, Douglas Miller,
Dennis Dalessandro, Jason Gunthorpe, Sasha Levin
From: Douglas Miller <doug.miller@cornelisnetworks.com>
[ Upstream commit 05c03dfd09c069c4ffd783b47b2da5dcc9421f2c ]
If there is a failure during probe of hfi1 before the sdma_map_lock is
initialized, the call to hfi1_free_devdata() will attempt to use a lock
that has not been initialized. If the locking correctness validator is on
then an INFO message and stack trace resembling the following may be seen:
INFO: trying to register non-static key.
The code is fine but needs lockdep annotation, or maybe
you didn't initialize this object before use?
turning off the locking correctness validator.
Call Trace:
register_lock_class+0x11b/0x880
__lock_acquire+0xf3/0x7930
lock_acquire+0xff/0x2d0
_raw_spin_lock_irq+0x46/0x60
sdma_clean+0x42a/0x660 [hfi1]
hfi1_free_devdata+0x3a7/0x420 [hfi1]
init_one+0x867/0x11a0 [hfi1]
pci_device_probe+0x40e/0x8d0
The use of sdma_map_lock in sdma_clean() is for freeing the sdma_map
memory, and sdma_map is not allocated/initialized until after
sdma_map_lock has been initialized. This code only needs to be run if
sdma_map is not NULL, and so checking for that condition will avoid trying
to use the lock before it is initialized.
Fixes: 473291b3ea0e ("IB/hfi1: Fix for early release of sdma context")
Fixes: 7724105686e7 ("IB/hfi1: add driver files")
Link: https://lore.kernel.org/r/20220520183701.48973.72434.stgit@awfm-01.cornelisnetworks.com
Reported-by: Zheyu Ma <zheyuma97@gmail.com>
Signed-off-by: Douglas Miller <doug.miller@cornelisnetworks.com>
Signed-off-by: Dennis Dalessandro <dennis.dalessandro@cornelisnetworks.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/hw/hfi1/sdma.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/drivers/infiniband/hw/hfi1/sdma.c b/drivers/infiniband/hw/hfi1/sdma.c
index 0b73dc7847aa..a044bee257f9 100644
--- a/drivers/infiniband/hw/hfi1/sdma.c
+++ b/drivers/infiniband/hw/hfi1/sdma.c
@@ -1330,11 +1330,13 @@ void sdma_clean(struct hfi1_devdata *dd, size_t num_engines)
kvfree(sde->tx_ring);
sde->tx_ring = NULL;
}
- spin_lock_irq(&dd->sde_map_lock);
- sdma_map_free(rcu_access_pointer(dd->sdma_map));
- RCU_INIT_POINTER(dd->sdma_map, NULL);
- spin_unlock_irq(&dd->sde_map_lock);
- synchronize_rcu();
+ if (rcu_access_pointer(dd->sdma_map)) {
+ spin_lock_irq(&dd->sde_map_lock);
+ sdma_map_free(rcu_access_pointer(dd->sdma_map));
+ RCU_INIT_POINTER(dd->sdma_map, NULL);
+ spin_unlock_irq(&dd->sde_map_lock);
+ synchronize_rcu();
+ }
kfree(dd->per_sdma);
dd->per_sdma = NULL;
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 317/452] Input: stmfts - do not leave device disabled in stmfts_input_open
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (315 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 316/452] RDMA/hfi1: Prevent use of lock before it is initialized Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 318/452] OPP: call of_node_put() on error path in _bandwidth_supported() Greg Kroah-Hartman
` (140 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pavel Machek, Dmitry Torokhov, Sasha Levin
From: Dmitry Torokhov <dmitry.torokhov@gmail.com>
[ Upstream commit 5f76955ab1e43e5795a9631b22ca4f918a0ae986 ]
The commit 26623eea0da3 attempted to deal with potential leak of runtime
PM counter when opening the touchscreen device, however it ended up
erroneously dropping the counter in the case of successfully enabling the
device.
Let's address this by using pm_runtime_resume_and_get() and then executing
pm_runtime_put_sync() only when we fail to send "sense on" command to the
device.
Fixes: 26623eea0da3 ("Input: stmfts - fix reference leak in stmfts_input_open")
Reported-by: Pavel Machek <pavel@denx.de>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/input/touchscreen/stmfts.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/drivers/input/touchscreen/stmfts.c b/drivers/input/touchscreen/stmfts.c
index 64b690a72d10..a05a7a66b4ed 100644
--- a/drivers/input/touchscreen/stmfts.c
+++ b/drivers/input/touchscreen/stmfts.c
@@ -337,13 +337,15 @@ static int stmfts_input_open(struct input_dev *dev)
struct stmfts_data *sdata = input_get_drvdata(dev);
int err;
- err = pm_runtime_get_sync(&sdata->client->dev);
- if (err < 0)
- goto out;
+ err = pm_runtime_resume_and_get(&sdata->client->dev);
+ if (err)
+ return err;
err = i2c_smbus_write_byte(sdata->client, STMFTS_MS_MT_SENSE_ON);
- if (err)
- goto out;
+ if (err) {
+ pm_runtime_put_sync(&sdata->client->dev);
+ return err;
+ }
mutex_lock(&sdata->mutex);
sdata->running = true;
@@ -366,9 +368,7 @@ static int stmfts_input_open(struct input_dev *dev)
"failed to enable touchkey\n");
}
-out:
- pm_runtime_put_noidle(&sdata->client->dev);
- return err;
+ return 0;
}
static void stmfts_input_close(struct input_dev *dev)
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 318/452] OPP: call of_node_put() on error path in _bandwidth_supported()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (316 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 317/452] Input: stmfts - do not leave device disabled in stmfts_input_open Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 319/452] f2fs: fix dereference of stale list iterator after loop body Greg Kroah-Hartman
` (139 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Viresh Kumar, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit 907ed123b9d096c73e9361f6cd4097f0691497f2 ]
This code does not call of_node_put(opp_np) if of_get_next_available_child()
returns NULL. But it should.
Fixes: 45679f9b508f ("opp: Don't parse icc paths unnecessarily")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/opp/of.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/opp/of.c b/drivers/opp/of.c
index 5de46aa99d24..3d7adc0de128 100644
--- a/drivers/opp/of.c
+++ b/drivers/opp/of.c
@@ -346,11 +346,11 @@ static int _bandwidth_supported(struct device *dev, struct opp_table *opp_table)
/* Checking only first OPP is sufficient */
np = of_get_next_available_child(opp_np, NULL);
+ of_node_put(opp_np);
if (!np) {
dev_err(dev, "OPP table empty\n");
return -EINVAL;
}
- of_node_put(opp_np);
prop = of_find_property(np, "opp-peak-kBps", NULL);
of_node_put(np);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 319/452] f2fs: fix dereference of stale list iterator after loop body
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (317 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 318/452] OPP: call of_node_put() on error path in _bandwidth_supported() Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 320/452] iommu/mediatek: Add list_del in mtk_iommu_remove Greg Kroah-Hartman
` (138 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jakob Koschel, Chao Yu, Jaegeuk Kim,
Sasha Levin
From: Jakob Koschel <jakobkoschel@gmail.com>
[ Upstream commit 2aaf51dd39afb6d01d13f1e6fe20b684733b37d5 ]
The list iterator variable will be a bogus pointer if no break was hit.
Dereferencing it (cur->page in this case) could load an out-of-bounds/undefined
value making it unsafe to use that in the comparision to determine if the
specific element was found.
Since 'cur->page' *can* be out-ouf-bounds it cannot be guaranteed that
by chance (or intention of an attacker) it matches the value of 'page'
even though the correct element was not found.
This is fixed by using a separate list iterator variable for the loop
and only setting the original variable if a suitable element was found.
Then determing if the element was found is simply checking if the
variable is set.
Fixes: 8c242db9b8c0 ("f2fs: fix stale ATOMIC_WRITTEN_PAGE private pointer")
Signed-off-by: Jakob Koschel <jakobkoschel@gmail.com>
Reviewed-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/f2fs/segment.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c
index 49f5cb532738..736fb57423a6 100644
--- a/fs/f2fs/segment.c
+++ b/fs/f2fs/segment.c
@@ -356,16 +356,19 @@ void f2fs_drop_inmem_page(struct inode *inode, struct page *page)
struct f2fs_sb_info *sbi = F2FS_I_SB(inode);
struct list_head *head = &fi->inmem_pages;
struct inmem_pages *cur = NULL;
+ struct inmem_pages *tmp;
f2fs_bug_on(sbi, !IS_ATOMIC_WRITTEN_PAGE(page));
mutex_lock(&fi->inmem_lock);
- list_for_each_entry(cur, head, list) {
- if (cur->page == page)
+ list_for_each_entry(tmp, head, list) {
+ if (tmp->page == page) {
+ cur = tmp;
break;
+ }
}
- f2fs_bug_on(sbi, list_empty(head) || cur->page != page);
+ f2fs_bug_on(sbi, !cur);
list_del(&cur->list);
mutex_unlock(&fi->inmem_lock);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 320/452] iommu/mediatek: Add list_del in mtk_iommu_remove
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (318 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 319/452] f2fs: fix dereference of stale list iterator after loop body Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 321/452] i2c: at91: use dma safe buffers Greg Kroah-Hartman
` (137 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yong Wu, AngeloGioacchino Del Regno,
Matthias Brugger, Joerg Roedel, Sasha Levin
From: Yong Wu <yong.wu@mediatek.com>
[ Upstream commit ee55f75e4bcade81d253163641b63bef3e76cac4 ]
Lack the list_del in the mtk_iommu_remove, and remove
bus_set_iommu(*, NULL) since there may be several iommu HWs.
we can not bus_set_iommu null when one iommu driver unbind.
This could be a fix for mt2712 which support 2 M4U HW and list them.
Fixes: 7c3a2ec02806 ("iommu/mediatek: Merge 2 M4U HWs into one iommu domain")
Signed-off-by: Yong Wu <yong.wu@mediatek.com>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Reviewed-by: Matthias Brugger <matthias.bgg@gmail.com>
Link: https://lore.kernel.org/r/20220503071427.2285-6-yong.wu@mediatek.com
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iommu/mtk_iommu.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/iommu/mtk_iommu.c b/drivers/iommu/mtk_iommu.c
index 19387d2bc4b4..051815c9d2bb 100644
--- a/drivers/iommu/mtk_iommu.c
+++ b/drivers/iommu/mtk_iommu.c
@@ -768,8 +768,7 @@ static int mtk_iommu_remove(struct platform_device *pdev)
iommu_device_sysfs_remove(&data->iommu);
iommu_device_unregister(&data->iommu);
- if (iommu_present(&platform_bus_type))
- bus_set_iommu(&platform_bus_type, NULL);
+ list_del(&data->list);
clk_disable_unprepare(data->bclk);
devm_free_irq(&pdev->dev, data->irq, data);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 321/452] i2c: at91: use dma safe buffers
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (319 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 320/452] iommu/mediatek: Add list_del in mtk_iommu_remove Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 322/452] cpufreq: mediatek: add missing platform_driver_unregister() on error in mtk_cpufreq_driver_init Greg Kroah-Hartman
` (136 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michael Walle, Codrin Ciubotariu,
Wolfram Sang, Sasha Levin
From: Michael Walle <michael@walle.cc>
[ Upstream commit 03fbb903c8bf7e53e101e8d9a7b261264317c411 ]
The supplied buffer might be on the stack and we get the following error
message:
[ 3.312058] at91_i2c e0070600.i2c: rejecting DMA map of vmalloc memory
Use i2c_{get,put}_dma_safe_msg_buf() to get a DMA-able memory region if
necessary.
Fixes: 60937b2cdbf9 ("i2c: at91: add dma support")
Signed-off-by: Michael Walle <michael@walle.cc>
Reviewed-by: Codrin Ciubotariu <codrin.ciubotariu@microchip.com>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/i2c/busses/i2c-at91-master.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/drivers/i2c/busses/i2c-at91-master.c b/drivers/i2c/busses/i2c-at91-master.c
index 66864f9cf7ac..974225faaf96 100644
--- a/drivers/i2c/busses/i2c-at91-master.c
+++ b/drivers/i2c/busses/i2c-at91-master.c
@@ -657,6 +657,7 @@ static int at91_twi_xfer(struct i2c_adapter *adap, struct i2c_msg *msg, int num)
unsigned int_addr_flag = 0;
struct i2c_msg *m_start = msg;
bool is_read;
+ u8 *dma_buf;
dev_dbg(&adap->dev, "at91_xfer: processing %d messages:\n", num);
@@ -704,7 +705,17 @@ static int at91_twi_xfer(struct i2c_adapter *adap, struct i2c_msg *msg, int num)
dev->msg = m_start;
dev->recv_len_abort = false;
+ if (dev->use_dma) {
+ dma_buf = i2c_get_dma_safe_msg_buf(m_start, 1);
+ if (!dma_buf) {
+ ret = -ENOMEM;
+ goto out;
+ }
+ dev->buf = dma_buf;
+ }
+
ret = at91_do_twi_transfer(dev);
+ i2c_put_dma_safe_msg_buf(dma_buf, m_start, !ret);
ret = (ret < 0) ? ret : num;
out:
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 322/452] cpufreq: mediatek: add missing platform_driver_unregister() on error in mtk_cpufreq_driver_init
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (320 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 321/452] i2c: at91: use dma safe buffers Greg Kroah-Hartman
@ 2022-06-07 17:02 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 323/452] cpufreq: mediatek: Use module_init and add module_exit Greg Kroah-Hartman
` (135 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:02 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Qinglang Miao, Viresh Kumar, Sasha Levin
From: Qinglang Miao <miaoqinglang@huawei.com>
[ Upstream commit 2f05c19d9ef4f5a42634f83bdb0db596ffc0dd30 ]
Add the missing platform_driver_unregister() before return from
mtk_cpufreq_driver_init in the error handling case when failed
to register mtk-cpufreq platform device
Signed-off-by: Qinglang Miao <miaoqinglang@huawei.com>
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/cpufreq/mediatek-cpufreq.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/cpufreq/mediatek-cpufreq.c b/drivers/cpufreq/mediatek-cpufreq.c
index a310372dc53e..f2e5ba3c539b 100644
--- a/drivers/cpufreq/mediatek-cpufreq.c
+++ b/drivers/cpufreq/mediatek-cpufreq.c
@@ -573,6 +573,7 @@ static int __init mtk_cpufreq_driver_init(void)
pdev = platform_device_register_simple("mtk-cpufreq", -1, NULL, 0);
if (IS_ERR(pdev)) {
pr_err("failed to register mtk-cpufreq platform device\n");
+ platform_driver_unregister(&mtk_cpufreq_platdrv);
return PTR_ERR(pdev);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 323/452] cpufreq: mediatek: Use module_init and add module_exit
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (321 preceding siblings ...)
2022-06-07 17:02 ` [PATCH 5.10 322/452] cpufreq: mediatek: add missing platform_driver_unregister() on error in mtk_cpufreq_driver_init Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 324/452] cpufreq: mediatek: Unregister platform device on exit Greg Kroah-Hartman
` (134 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jia-Wei Chang,
AngeloGioacchino Del Regno, Viresh Kumar, Sasha Levin
From: Jia-Wei Chang <jia-wei.chang@mediatek.com>
[ Upstream commit b7070187c81cb90549d7561c0e750d7c7eb751f4 ]
- Use module_init instead of device_initcall.
- Add a function for module_exit to unregister driver.
Signed-off-by: Jia-Wei Chang <jia-wei.chang@mediatek.com>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/cpufreq/mediatek-cpufreq.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/drivers/cpufreq/mediatek-cpufreq.c b/drivers/cpufreq/mediatek-cpufreq.c
index f2e5ba3c539b..07ba238a0e0e 100644
--- a/drivers/cpufreq/mediatek-cpufreq.c
+++ b/drivers/cpufreq/mediatek-cpufreq.c
@@ -579,7 +579,13 @@ static int __init mtk_cpufreq_driver_init(void)
return 0;
}
-device_initcall(mtk_cpufreq_driver_init);
+module_init(mtk_cpufreq_driver_init)
+
+static void __exit mtk_cpufreq_driver_exit(void)
+{
+ platform_driver_unregister(&mtk_cpufreq_platdrv);
+}
+module_exit(mtk_cpufreq_driver_exit)
MODULE_DESCRIPTION("MediaTek CPUFreq driver");
MODULE_AUTHOR("Pi-Cheng Chen <pi-cheng.chen@linaro.org>");
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 324/452] cpufreq: mediatek: Unregister platform device on exit
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (322 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 323/452] cpufreq: mediatek: Use module_init and add module_exit Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 325/452] MIPS: Loongson: Use hwmon_device_register_with_groups() to register hwmon Greg Kroah-Hartman
` (133 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Rex-BC Chen, Viresh Kumar, Sasha Levin
From: Rex-BC Chen <rex-bc.chen@mediatek.com>
[ Upstream commit f126fbadce92b92c3a7be41e4abc1fbae93ae2ef ]
We register the platform device when driver inits. However, we do not
unregister it when driver exits.
To resolve this, we declare the platform data to be a global static
variable and rename it to be "cpufreq_pdev". With this global variable,
we can do platform_device_unregister() when driver exits.
Fixes: 501c574f4e3a ("cpufreq: mediatek: Add support of cpufreq to MT2701/MT7623 SoC")
Signed-off-by: Rex-BC Chen <rex-bc.chen@mediatek.com>
[ Viresh: Commit log and Subject ]
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/cpufreq/mediatek-cpufreq.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/drivers/cpufreq/mediatek-cpufreq.c b/drivers/cpufreq/mediatek-cpufreq.c
index 07ba238a0e0e..82f6592bbadb 100644
--- a/drivers/cpufreq/mediatek-cpufreq.c
+++ b/drivers/cpufreq/mediatek-cpufreq.c
@@ -44,6 +44,8 @@ struct mtk_cpu_dvfs_info {
bool need_voltage_tracking;
};
+static struct platform_device *cpufreq_pdev;
+
static LIST_HEAD(dvfs_info_list);
static struct mtk_cpu_dvfs_info *mtk_cpu_dvfs_info_lookup(int cpu)
@@ -546,7 +548,6 @@ static int __init mtk_cpufreq_driver_init(void)
{
struct device_node *np;
const struct of_device_id *match;
- struct platform_device *pdev;
int err;
np = of_find_node_by_path("/");
@@ -570,11 +571,11 @@ static int __init mtk_cpufreq_driver_init(void)
* and the device registration codes are put here to handle defer
* probing.
*/
- pdev = platform_device_register_simple("mtk-cpufreq", -1, NULL, 0);
- if (IS_ERR(pdev)) {
+ cpufreq_pdev = platform_device_register_simple("mtk-cpufreq", -1, NULL, 0);
+ if (IS_ERR(cpufreq_pdev)) {
pr_err("failed to register mtk-cpufreq platform device\n");
platform_driver_unregister(&mtk_cpufreq_platdrv);
- return PTR_ERR(pdev);
+ return PTR_ERR(cpufreq_pdev);
}
return 0;
@@ -583,6 +584,7 @@ module_init(mtk_cpufreq_driver_init)
static void __exit mtk_cpufreq_driver_exit(void)
{
+ platform_device_unregister(cpufreq_pdev);
platform_driver_unregister(&mtk_cpufreq_platdrv);
}
module_exit(mtk_cpufreq_driver_exit)
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 325/452] MIPS: Loongson: Use hwmon_device_register_with_groups() to register hwmon
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (323 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 324/452] cpufreq: mediatek: Unregister platform device on exit Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 326/452] i2c: at91: Initialize dma_buf in at91_twi_xfer() Greg Kroah-Hartman
` (132 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhi Li, Guenter Roeck,
Thomas Bogendoerfer, Sasha Levin
From: Guenter Roeck <linux@roeck-us.net>
[ Upstream commit abae018a03821be2b65c01ebe2bef06fd7d85a4c ]
Calling hwmon_device_register_with_info() with NULL dev and/or chip
information parameters is an ABI abuse and not a real conversion to
the new API. Also, the code creates sysfs attributes _after_ creating
the hwmon device, which is racy and unsupported to start with. On top
of that, the removal code tries to remove the name attribute which is
owned by the hwmon core.
Use hwmon_device_register_with_groups() to register the hwmon device
instead.
In the future, the hwmon subsystem will reject calls to
hwmon_device_register_with_info with NULL dev or chip/info parameters.
Without this patch, the hwmon device will fail to register.
Fixes: f59dc5119192 ("MIPS: Loongson: Fix boot warning about hwmon_device_register()")
Cc: Zhi Li <lizhi01@loongson.cn>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/mips/cpu_hwmon.c | 127 ++++++++++--------------------
1 file changed, 41 insertions(+), 86 deletions(-)
diff --git a/drivers/platform/mips/cpu_hwmon.c b/drivers/platform/mips/cpu_hwmon.c
index 386389ffec41..d8c5f9195f85 100644
--- a/drivers/platform/mips/cpu_hwmon.c
+++ b/drivers/platform/mips/cpu_hwmon.c
@@ -55,55 +55,6 @@ int loongson3_cpu_temp(int cpu)
static int nr_packages;
static struct device *cpu_hwmon_dev;
-static SENSOR_DEVICE_ATTR(name, 0444, NULL, NULL, 0);
-
-static struct attribute *cpu_hwmon_attributes[] = {
- &sensor_dev_attr_name.dev_attr.attr,
- NULL
-};
-
-/* Hwmon device attribute group */
-static struct attribute_group cpu_hwmon_attribute_group = {
- .attrs = cpu_hwmon_attributes,
-};
-
-static ssize_t get_cpu_temp(struct device *dev,
- struct device_attribute *attr, char *buf);
-static ssize_t cpu_temp_label(struct device *dev,
- struct device_attribute *attr, char *buf);
-
-static SENSOR_DEVICE_ATTR(temp1_input, 0444, get_cpu_temp, NULL, 1);
-static SENSOR_DEVICE_ATTR(temp1_label, 0444, cpu_temp_label, NULL, 1);
-static SENSOR_DEVICE_ATTR(temp2_input, 0444, get_cpu_temp, NULL, 2);
-static SENSOR_DEVICE_ATTR(temp2_label, 0444, cpu_temp_label, NULL, 2);
-static SENSOR_DEVICE_ATTR(temp3_input, 0444, get_cpu_temp, NULL, 3);
-static SENSOR_DEVICE_ATTR(temp3_label, 0444, cpu_temp_label, NULL, 3);
-static SENSOR_DEVICE_ATTR(temp4_input, 0444, get_cpu_temp, NULL, 4);
-static SENSOR_DEVICE_ATTR(temp4_label, 0444, cpu_temp_label, NULL, 4);
-
-static const struct attribute *hwmon_cputemp[4][3] = {
- {
- &sensor_dev_attr_temp1_input.dev_attr.attr,
- &sensor_dev_attr_temp1_label.dev_attr.attr,
- NULL
- },
- {
- &sensor_dev_attr_temp2_input.dev_attr.attr,
- &sensor_dev_attr_temp2_label.dev_attr.attr,
- NULL
- },
- {
- &sensor_dev_attr_temp3_input.dev_attr.attr,
- &sensor_dev_attr_temp3_label.dev_attr.attr,
- NULL
- },
- {
- &sensor_dev_attr_temp4_input.dev_attr.attr,
- &sensor_dev_attr_temp4_label.dev_attr.attr,
- NULL
- }
-};
-
static ssize_t cpu_temp_label(struct device *dev,
struct device_attribute *attr, char *buf)
{
@@ -121,24 +72,47 @@ static ssize_t get_cpu_temp(struct device *dev,
return sprintf(buf, "%d\n", value);
}
-static int create_sysfs_cputemp_files(struct kobject *kobj)
-{
- int i, ret = 0;
-
- for (i = 0; i < nr_packages; i++)
- ret = sysfs_create_files(kobj, hwmon_cputemp[i]);
+static SENSOR_DEVICE_ATTR(temp1_input, 0444, get_cpu_temp, NULL, 1);
+static SENSOR_DEVICE_ATTR(temp1_label, 0444, cpu_temp_label, NULL, 1);
+static SENSOR_DEVICE_ATTR(temp2_input, 0444, get_cpu_temp, NULL, 2);
+static SENSOR_DEVICE_ATTR(temp2_label, 0444, cpu_temp_label, NULL, 2);
+static SENSOR_DEVICE_ATTR(temp3_input, 0444, get_cpu_temp, NULL, 3);
+static SENSOR_DEVICE_ATTR(temp3_label, 0444, cpu_temp_label, NULL, 3);
+static SENSOR_DEVICE_ATTR(temp4_input, 0444, get_cpu_temp, NULL, 4);
+static SENSOR_DEVICE_ATTR(temp4_label, 0444, cpu_temp_label, NULL, 4);
- return ret;
-}
+static struct attribute *cpu_hwmon_attributes[] = {
+ &sensor_dev_attr_temp1_input.dev_attr.attr,
+ &sensor_dev_attr_temp1_label.dev_attr.attr,
+ &sensor_dev_attr_temp2_input.dev_attr.attr,
+ &sensor_dev_attr_temp2_label.dev_attr.attr,
+ &sensor_dev_attr_temp3_input.dev_attr.attr,
+ &sensor_dev_attr_temp3_label.dev_attr.attr,
+ &sensor_dev_attr_temp4_input.dev_attr.attr,
+ &sensor_dev_attr_temp4_label.dev_attr.attr,
+ NULL
+};
-static void remove_sysfs_cputemp_files(struct kobject *kobj)
+static umode_t cpu_hwmon_is_visible(struct kobject *kobj,
+ struct attribute *attr, int i)
{
- int i;
+ int id = i / 2;
- for (i = 0; i < nr_packages; i++)
- sysfs_remove_files(kobj, hwmon_cputemp[i]);
+ if (id < nr_packages)
+ return attr->mode;
+ return 0;
}
+static struct attribute_group cpu_hwmon_group = {
+ .attrs = cpu_hwmon_attributes,
+ .is_visible = cpu_hwmon_is_visible,
+};
+
+static const struct attribute_group *cpu_hwmon_groups[] = {
+ &cpu_hwmon_group,
+ NULL
+};
+
#define CPU_THERMAL_THRESHOLD 90000
static struct delayed_work thermal_work;
@@ -159,50 +133,31 @@ static void do_thermal_timer(struct work_struct *work)
static int __init loongson_hwmon_init(void)
{
- int ret;
-
pr_info("Loongson Hwmon Enter...\n");
if (cpu_has_csr())
csr_temp_enable = csr_readl(LOONGSON_CSR_FEATURES) &
LOONGSON_CSRF_TEMP;
- cpu_hwmon_dev = hwmon_device_register_with_info(NULL, "cpu_hwmon", NULL, NULL, NULL);
- if (IS_ERR(cpu_hwmon_dev)) {
- ret = PTR_ERR(cpu_hwmon_dev);
- pr_err("hwmon_device_register fail!\n");
- goto fail_hwmon_device_register;
- }
-
nr_packages = loongson_sysconf.nr_cpus /
loongson_sysconf.cores_per_package;
- ret = create_sysfs_cputemp_files(&cpu_hwmon_dev->kobj);
- if (ret) {
- pr_err("fail to create cpu temperature interface!\n");
- goto fail_create_sysfs_cputemp_files;
+ cpu_hwmon_dev = hwmon_device_register_with_groups(NULL, "cpu_hwmon",
+ NULL, cpu_hwmon_groups);
+ if (IS_ERR(cpu_hwmon_dev)) {
+ pr_err("hwmon_device_register fail!\n");
+ return PTR_ERR(cpu_hwmon_dev);
}
INIT_DEFERRABLE_WORK(&thermal_work, do_thermal_timer);
schedule_delayed_work(&thermal_work, msecs_to_jiffies(20000));
- return ret;
-
-fail_create_sysfs_cputemp_files:
- sysfs_remove_group(&cpu_hwmon_dev->kobj,
- &cpu_hwmon_attribute_group);
- hwmon_device_unregister(cpu_hwmon_dev);
-
-fail_hwmon_device_register:
- return ret;
+ return 0;
}
static void __exit loongson_hwmon_exit(void)
{
cancel_delayed_work_sync(&thermal_work);
- remove_sysfs_cputemp_files(&cpu_hwmon_dev->kobj);
- sysfs_remove_group(&cpu_hwmon_dev->kobj,
- &cpu_hwmon_attribute_group);
hwmon_device_unregister(cpu_hwmon_dev);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 326/452] i2c: at91: Initialize dma_buf in at91_twi_xfer()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (324 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 325/452] MIPS: Loongson: Use hwmon_device_register_with_groups() to register hwmon Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 327/452] dmaengine: idxd: Fix the error handling path in idxd_cdev_register() Greg Kroah-Hartman
` (131 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nathan Chancellor, Michael Walle,
Wolfram Sang, Sasha Levin
From: Nathan Chancellor <nathan@kernel.org>
[ Upstream commit 6977262c2eee111645668fe9e235ef2f5694abf7 ]
Clang warns:
drivers/i2c/busses/i2c-at91-master.c:707:6: warning: variable 'dma_buf' is used uninitialized whenever 'if' condition is false [-Wsometimes-uninitialized]
if (dev->use_dma) {
^~~~~~~~~~~~
drivers/i2c/busses/i2c-at91-master.c:717:27: note: uninitialized use occurs here
i2c_put_dma_safe_msg_buf(dma_buf, m_start, !ret);
^~~~~~~
Initialize dma_buf to NULL, as i2c_put_dma_safe_msg_buf() is a no-op
when the first argument is NULL, which will work for the !dev->use_dma
case.
Fixes: 03fbb903c8bf ("i2c: at91: use dma safe buffers")
Link: https://github.com/ClangBuiltLinux/linux/issues/1629
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Reviewed-by: Michael Walle <michael@walle.cc>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/i2c/busses/i2c-at91-master.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/i2c/busses/i2c-at91-master.c b/drivers/i2c/busses/i2c-at91-master.c
index 974225faaf96..7960fa4b8c5b 100644
--- a/drivers/i2c/busses/i2c-at91-master.c
+++ b/drivers/i2c/busses/i2c-at91-master.c
@@ -657,7 +657,7 @@ static int at91_twi_xfer(struct i2c_adapter *adap, struct i2c_msg *msg, int num)
unsigned int_addr_flag = 0;
struct i2c_msg *m_start = msg;
bool is_read;
- u8 *dma_buf;
+ u8 *dma_buf = NULL;
dev_dbg(&adap->dev, "at91_xfer: processing %d messages:\n", num);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 327/452] dmaengine: idxd: Fix the error handling path in idxd_cdev_register()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (325 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 326/452] i2c: at91: Initialize dma_buf in at91_twi_xfer() Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 328/452] NFS: Do not report EINTR/ERESTARTSYS as mapping errors Greg Kroah-Hartman
` (130 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe JAILLET, Dave Jiang,
Vinod Koul, Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit aab08c1aac01097815fbcf10fce7021d2396a31f ]
If a call to alloc_chrdev_region() fails, the already allocated resources
are leaking.
Add the needed error handling path to fix the leak.
Fixes: 42d279f9137a ("dmaengine: idxd: add char driver to expose submission portal to userland")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Acked-by: Dave Jiang <dave.jiang@intel.com>
Link: https://lore.kernel.org/r/1b5033dcc87b5f2a953c413f0306e883e6114542.1650521591.git.christophe.jaillet@wanadoo.fr
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/dma/idxd/cdev.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/drivers/dma/idxd/cdev.c b/drivers/dma/idxd/cdev.c
index 4da88578ed64..ae65eb90afab 100644
--- a/drivers/dma/idxd/cdev.c
+++ b/drivers/dma/idxd/cdev.c
@@ -266,10 +266,16 @@ int idxd_cdev_register(void)
rc = alloc_chrdev_region(&ictx[i].devt, 0, MINORMASK,
ictx[i].name);
if (rc)
- return rc;
+ goto err_free_chrdev_region;
}
return 0;
+
+err_free_chrdev_region:
+ for (i--; i >= 0; i--)
+ unregister_chrdev_region(ictx[i].devt, MINORMASK);
+
+ return rc;
}
void idxd_cdev_remove(void)
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 328/452] NFS: Do not report EINTR/ERESTARTSYS as mapping errors
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (326 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 327/452] dmaengine: idxd: Fix the error handling path in idxd_cdev_register() Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 329/452] NFS: fsync() should report filesystem errors over EINTR/ERESTARTSYS Greg Kroah-Hartman
` (129 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Trond Myklebust, Anna Schumaker, Sasha Levin
From: Trond Myklebust <trond.myklebust@hammerspace.com>
[ Upstream commit cea9ba7239dcc84175041174304c6cdeae3226e5 ]
If the attempt to flush data was interrupted due to a local signal, then
just requeue the writes back for I/O.
Fixes: 6fbda89b257f ("NFS: Replace custom error reporting mechanism with generic one")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfs/write.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/nfs/write.c b/fs/nfs/write.c
index 5d07799513a6..b08323ed0c25 100644
--- a/fs/nfs/write.c
+++ b/fs/nfs/write.c
@@ -1411,7 +1411,7 @@ static void nfs_async_write_error(struct list_head *head, int error)
while (!list_empty(head)) {
req = nfs_list_entry(head->next);
nfs_list_remove_request(req);
- if (nfs_error_is_fatal(error))
+ if (nfs_error_is_fatal_on_server(error))
nfs_write_error(req, error);
else
nfs_redirty_request(req);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 329/452] NFS: fsync() should report filesystem errors over EINTR/ERESTARTSYS
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (327 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 328/452] NFS: Do not report EINTR/ERESTARTSYS as mapping errors Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 330/452] NFS: Do not report flush errors in nfs_write_end() Greg Kroah-Hartman
` (128 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Trond Myklebust, Anna Schumaker, Sasha Levin
From: Trond Myklebust <trond.myklebust@hammerspace.com>
[ Upstream commit 9641d9bc9b75f11f70646f5c6ee9f5f519a1012e ]
If the commit to disk is interrupted, we should still first check for
filesystem errors so that we can report them in preference to the error
due to the signal.
Fixes: 2197e9b06c22 ("NFS: Fix up fsync() when the server rebooted")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfs/file.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/fs/nfs/file.c b/fs/nfs/file.c
index 7b47f9b063f1..887faff3a73e 100644
--- a/fs/nfs/file.c
+++ b/fs/nfs/file.c
@@ -208,15 +208,16 @@ static int
nfs_file_fsync_commit(struct file *file, int datasync)
{
struct inode *inode = file_inode(file);
- int ret;
+ int ret, ret2;
dprintk("NFS: fsync file(%pD2) datasync %d\n", file, datasync);
nfs_inc_stats(inode, NFSIOS_VFSFSYNC);
ret = nfs_commit_inode(inode, FLUSH_SYNC);
- if (ret < 0)
- return ret;
- return file_check_and_advance_wb_err(file);
+ ret2 = file_check_and_advance_wb_err(file);
+ if (ret2 < 0)
+ return ret2;
+ return ret;
}
int
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 330/452] NFS: Do not report flush errors in nfs_write_end()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (328 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 329/452] NFS: fsync() should report filesystem errors over EINTR/ERESTARTSYS Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 331/452] NFS: Dont report errors from nfs_pageio_complete() more than once Greg Kroah-Hartman
` (127 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Trond Myklebust, Anna Schumaker, Sasha Levin
From: Trond Myklebust <trond.myklebust@hammerspace.com>
[ Upstream commit d95b26650e86175e4a97698d89bc1626cd1df0c6 ]
If we do flush cached writebacks in nfs_write_end() due to the imminent
expiration of an RPCSEC_GSS session, then we should defer reporting any
resulting errors until the calls to file_check_and_advance_wb_err() in
nfs_file_write() and nfs_file_fsync().
Fixes: 6fbda89b257f ("NFS: Replace custom error reporting mechanism with generic one")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfs/file.c | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/fs/nfs/file.c b/fs/nfs/file.c
index 887faff3a73e..ad856b7b9a46 100644
--- a/fs/nfs/file.c
+++ b/fs/nfs/file.c
@@ -390,11 +390,8 @@ static int nfs_write_end(struct file *file, struct address_space *mapping,
return status;
NFS_I(mapping->host)->write_io += copied;
- if (nfs_ctx_key_to_expire(ctx, mapping->host)) {
- status = nfs_wb_all(mapping->host);
- if (status < 0)
- return status;
- }
+ if (nfs_ctx_key_to_expire(ctx, mapping->host))
+ nfs_wb_all(mapping->host);
return copied;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 331/452] NFS: Dont report errors from nfs_pageio_complete() more than once
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (329 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 330/452] NFS: Do not report flush errors in nfs_write_end() Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 332/452] NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout Greg Kroah-Hartman
` (126 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Trond Myklebust, Anna Schumaker, Sasha Levin
From: Trond Myklebust <trond.myklebust@hammerspace.com>
[ Upstream commit c5e483b77cc2edb318da152abe07e33006b975fd ]
Since errors from nfs_pageio_complete() are already being reported
through nfs_async_write_error(), we should not be returning them to the
callers of do_writepages() as well. They will end up being reported
through the generic mechanism instead.
Fixes: 6fbda89b257f ("NFS: Replace custom error reporting mechanism with generic one")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfs/write.c | 9 +--------
1 file changed, 1 insertion(+), 8 deletions(-)
diff --git a/fs/nfs/write.c b/fs/nfs/write.c
index b08323ed0c25..dc08a0c02f09 100644
--- a/fs/nfs/write.c
+++ b/fs/nfs/write.c
@@ -675,11 +675,7 @@ static int nfs_writepage_locked(struct page *page,
err = nfs_do_writepage(page, wbc, &pgio);
pgio.pg_error = 0;
nfs_pageio_complete(&pgio);
- if (err < 0)
- return err;
- if (nfs_error_is_fatal(pgio.pg_error))
- return pgio.pg_error;
- return 0;
+ return err;
}
int nfs_writepage(struct page *page, struct writeback_control *wbc)
@@ -730,9 +726,6 @@ int nfs_writepages(struct address_space *mapping, struct writeback_control *wbc)
if (err < 0)
goto out_err;
- err = pgio.pg_error;
- if (nfs_error_is_fatal(err))
- goto out_err;
return 0;
out_err:
return err;
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 332/452] NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (330 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 331/452] NFS: Dont report errors from nfs_pageio_complete() more than once Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 333/452] video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup Greg Kroah-Hartman
` (125 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Olga Kornievskaia, Trond Myklebust,
Anna Schumaker, Sasha Levin
From: Trond Myklebust <trond.myklebust@hammerspace.com>
[ Upstream commit 3764a17e31d579cf9b4bd0a69894b577e8d75702 ]
Commit 587f03deb69b caused pnfs_update_layout() to stop returning ENOMEM
when the memory allocation fails, and hence causes it to fall back to
trying to do I/O through the MDS. There is no guarantee that this will
fare any better. If we're failing the pNFS layout allocation, then we
should just redirty the page and retry later.
Reported-by: Olga Kornievskaia <aglo@umich.edu>
Fixes: 587f03deb69b ("pnfs: refactor send_layoutget")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfs/pnfs.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/fs/nfs/pnfs.c b/fs/nfs/pnfs.c
index b3b9eff5d572..8c0803d98008 100644
--- a/fs/nfs/pnfs.c
+++ b/fs/nfs/pnfs.c
@@ -2006,6 +2006,7 @@ pnfs_update_layout(struct inode *ino,
lo = pnfs_find_alloc_layout(ino, ctx, gfp_flags);
if (lo == NULL) {
spin_unlock(&ino->i_lock);
+ lseg = ERR_PTR(-ENOMEM);
trace_pnfs_update_layout(ino, pos, count, iomode, lo, lseg,
PNFS_UPDATE_LAYOUT_NOMEM);
goto out;
@@ -2134,6 +2135,7 @@ pnfs_update_layout(struct inode *ino,
lgp = pnfs_alloc_init_layoutget_args(ino, ctx, &stateid, &arg, gfp_flags);
if (!lgp) {
+ lseg = ERR_PTR(-ENOMEM);
trace_pnfs_update_layout(ino, pos, count, iomode, lo, NULL,
PNFS_UPDATE_LAYOUT_NOMEM);
nfs_layoutget_end(lo);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 333/452] video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (331 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 332/452] NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 334/452] dmaengine: stm32-mdma: remove GISR1 register Greg Kroah-Hartman
` (124 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Helge Deller, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit b23789a59fa6f00e98a319291819f91fbba0deb8 ]
of_parse_phandle() returns a node pointer with refcount incremented, we should
use of_node_put() on it when not need anymore. Add missing of_node_put() to
avoid refcount leak.
Fixes: d10715be03bd ("video: ARM CLCD: Add DT support")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/video/fbdev/amba-clcd.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/video/fbdev/amba-clcd.c b/drivers/video/fbdev/amba-clcd.c
index 33595cc4778e..79efefd224f4 100644
--- a/drivers/video/fbdev/amba-clcd.c
+++ b/drivers/video/fbdev/amba-clcd.c
@@ -771,12 +771,15 @@ static int clcdfb_of_vram_setup(struct clcd_fb *fb)
return -ENODEV;
fb->fb.screen_base = of_iomap(memory, 0);
- if (!fb->fb.screen_base)
+ if (!fb->fb.screen_base) {
+ of_node_put(memory);
return -ENOMEM;
+ }
fb->fb.fix.smem_start = of_translate_address(memory,
of_get_address(memory, 0, &size, NULL));
fb->fb.fix.smem_len = size;
+ of_node_put(memory);
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 334/452] dmaengine: stm32-mdma: remove GISR1 register
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (332 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 333/452] video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 335/452] dmaengine: stm32-mdma: rework interrupt handler Greg Kroah-Hartman
` (123 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Amelie Delaunay, Vinod Koul, Sasha Levin
From: Amelie Delaunay <amelie.delaunay@foss.st.com>
[ Upstream commit 9d6a2d92e450926c483e45eaf426080a19219f4e ]
GISR1 was described in a not up-to-date documentation when the stm32-mdma
driver has been developed. This register has not been added in reference
manual of STM32 SoC with MDMA, which have only 32 MDMA channels.
So remove it from stm32-mdma driver.
Fixes: a4ffb13c8946 ("dmaengine: Add STM32 MDMA driver")
Signed-off-by: Amelie Delaunay <amelie.delaunay@foss.st.com>
Link: https://lore.kernel.org/r/20220504155322.121431-2-amelie.delaunay@foss.st.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/dma/stm32-mdma.c | 21 +++++----------------
1 file changed, 5 insertions(+), 16 deletions(-)
diff --git a/drivers/dma/stm32-mdma.c b/drivers/dma/stm32-mdma.c
index fe36738f2dd7..cd394624085a 100644
--- a/drivers/dma/stm32-mdma.c
+++ b/drivers/dma/stm32-mdma.c
@@ -40,7 +40,6 @@
STM32_MDMA_SHIFT(mask))
#define STM32_MDMA_GISR0 0x0000 /* MDMA Int Status Reg 1 */
-#define STM32_MDMA_GISR1 0x0004 /* MDMA Int Status Reg 2 */
/* MDMA Channel x interrupt/status register */
#define STM32_MDMA_CISR(x) (0x40 + 0x40 * (x)) /* x = 0..62 */
@@ -196,7 +195,7 @@
#define STM32_MDMA_MAX_BUF_LEN 128
#define STM32_MDMA_MAX_BLOCK_LEN 65536
-#define STM32_MDMA_MAX_CHANNELS 63
+#define STM32_MDMA_MAX_CHANNELS 32
#define STM32_MDMA_MAX_REQUESTS 256
#define STM32_MDMA_MAX_BURST 128
#define STM32_MDMA_VERY_HIGH_PRIORITY 0x11
@@ -1350,21 +1349,11 @@ static irqreturn_t stm32_mdma_irq_handler(int irq, void *devid)
/* Find out which channel generates the interrupt */
status = readl_relaxed(dmadev->base + STM32_MDMA_GISR0);
- if (status) {
- id = __ffs(status);
- } else {
- status = readl_relaxed(dmadev->base + STM32_MDMA_GISR1);
- if (!status) {
- dev_dbg(mdma2dev(dmadev), "spurious it\n");
- return IRQ_NONE;
- }
- id = __ffs(status);
- /*
- * As GISR0 provides status for channel id from 0 to 31,
- * so GISR1 provides status for channel id from 32 to 62
- */
- id += 32;
+ if (!status) {
+ dev_dbg(mdma2dev(dmadev), "spurious it\n");
+ return IRQ_NONE;
}
+ id = __ffs(status);
chan = &dmadev->chan[id];
if (!chan) {
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 335/452] dmaengine: stm32-mdma: rework interrupt handler
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (333 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 334/452] dmaengine: stm32-mdma: remove GISR1 register Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 336/452] dmaengine: stm32-mdma: fix chan initialization in stm32_mdma_irq_handler() Greg Kroah-Hartman
` (122 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Amelie Delaunay, Vinod Koul, Sasha Levin
From: Amelie Delaunay <amelie.delaunay@st.com>
[ Upstream commit 1d3dd68749b9f4a4da272f39608d03b4bae0b69f ]
To avoid multiple entries in MDMA interrupt handler for each flag&interrupt
enable, manage all flags set at once.
Signed-off-by: Amelie Delaunay <amelie.delaunay@st.com>
Link: https://lore.kernel.org/r/20201120143320.30367-5-amelie.delaunay@st.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/dma/stm32-mdma.c | 64 +++++++++++++++++++++-------------------
1 file changed, 34 insertions(+), 30 deletions(-)
diff --git a/drivers/dma/stm32-mdma.c b/drivers/dma/stm32-mdma.c
index cd394624085a..4ec6f5b69f56 100644
--- a/drivers/dma/stm32-mdma.c
+++ b/drivers/dma/stm32-mdma.c
@@ -1345,7 +1345,7 @@ static irqreturn_t stm32_mdma_irq_handler(int irq, void *devid)
{
struct stm32_mdma_device *dmadev = devid;
struct stm32_mdma_chan *chan = devid;
- u32 reg, id, ien, status, flag;
+ u32 reg, id, ccr, ien, status;
/* Find out which channel generates the interrupt */
status = readl_relaxed(dmadev->base + STM32_MDMA_GISR0);
@@ -1357,67 +1357,71 @@ static irqreturn_t stm32_mdma_irq_handler(int irq, void *devid)
chan = &dmadev->chan[id];
if (!chan) {
- dev_dbg(mdma2dev(dmadev), "MDMA channel not initialized\n");
- goto exit;
+ dev_warn(mdma2dev(dmadev), "MDMA channel not initialized\n");
+ return IRQ_NONE;
}
/* Handle interrupt for the channel */
spin_lock(&chan->vchan.lock);
- status = stm32_mdma_read(dmadev, STM32_MDMA_CISR(chan->id));
- ien = stm32_mdma_read(dmadev, STM32_MDMA_CCR(chan->id));
- ien &= STM32_MDMA_CCR_IRQ_MASK;
- ien >>= 1;
+ status = stm32_mdma_read(dmadev, STM32_MDMA_CISR(id));
+ /* Mask Channel ReQuest Active bit which can be set in case of MEM2MEM */
+ status &= ~STM32_MDMA_CISR_CRQA;
+ ccr = stm32_mdma_read(dmadev, STM32_MDMA_CCR(id));
+ ien = (ccr & STM32_MDMA_CCR_IRQ_MASK) >> 1;
if (!(status & ien)) {
spin_unlock(&chan->vchan.lock);
- dev_dbg(chan2dev(chan),
- "spurious it (status=0x%04x, ien=0x%04x)\n",
- status, ien);
+ dev_warn(chan2dev(chan),
+ "spurious it (status=0x%04x, ien=0x%04x)\n",
+ status, ien);
return IRQ_NONE;
}
- flag = __ffs(status & ien);
- reg = STM32_MDMA_CIFCR(chan->id);
+ reg = STM32_MDMA_CIFCR(id);
- switch (1 << flag) {
- case STM32_MDMA_CISR_TEIF:
- id = chan->id;
- status = readl_relaxed(dmadev->base + STM32_MDMA_CESR(id));
- dev_err(chan2dev(chan), "Transfer Err: stat=0x%08x\n", status);
+ if (status & STM32_MDMA_CISR_TEIF) {
+ dev_err(chan2dev(chan), "Transfer Err: stat=0x%08x\n",
+ readl_relaxed(dmadev->base + STM32_MDMA_CESR(id)));
stm32_mdma_set_bits(dmadev, reg, STM32_MDMA_CIFCR_CTEIF);
- break;
+ status &= ~STM32_MDMA_CISR_TEIF;
+ }
- case STM32_MDMA_CISR_CTCIF:
+ if (status & STM32_MDMA_CISR_CTCIF) {
stm32_mdma_set_bits(dmadev, reg, STM32_MDMA_CIFCR_CCTCIF);
+ status &= ~STM32_MDMA_CISR_CTCIF;
stm32_mdma_xfer_end(chan);
- break;
+ }
- case STM32_MDMA_CISR_BRTIF:
+ if (status & STM32_MDMA_CISR_BRTIF) {
stm32_mdma_set_bits(dmadev, reg, STM32_MDMA_CIFCR_CBRTIF);
- break;
+ status &= ~STM32_MDMA_CISR_BRTIF;
+ }
- case STM32_MDMA_CISR_BTIF:
+ if (status & STM32_MDMA_CISR_BTIF) {
stm32_mdma_set_bits(dmadev, reg, STM32_MDMA_CIFCR_CBTIF);
+ status &= ~STM32_MDMA_CISR_BTIF;
chan->curr_hwdesc++;
if (chan->desc && chan->desc->cyclic) {
if (chan->curr_hwdesc == chan->desc->count)
chan->curr_hwdesc = 0;
vchan_cyclic_callback(&chan->desc->vdesc);
}
- break;
+ }
- case STM32_MDMA_CISR_TCIF:
+ if (status & STM32_MDMA_CISR_TCIF) {
stm32_mdma_set_bits(dmadev, reg, STM32_MDMA_CIFCR_CLTCIF);
- break;
+ status &= ~STM32_MDMA_CISR_TCIF;
+ }
- default:
- dev_err(chan2dev(chan), "it %d unhandled (status=0x%04x)\n",
- 1 << flag, status);
+ if (status) {
+ stm32_mdma_set_bits(dmadev, reg, status);
+ dev_err(chan2dev(chan), "DMA error: status=0x%08x\n", status);
+ if (!(ccr & STM32_MDMA_CCR_EN))
+ dev_err(chan2dev(chan), "chan disabled by HW\n");
}
spin_unlock(&chan->vchan.lock);
-exit:
return IRQ_HANDLED;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 336/452] dmaengine: stm32-mdma: fix chan initialization in stm32_mdma_irq_handler()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (334 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 335/452] dmaengine: stm32-mdma: rework interrupt handler Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 337/452] iommu/amd: Increase timeout waiting for GA log enablement Greg Kroah-Hartman
` (121 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Amelie Delaunay, Vinod Koul, Sasha Levin
From: Amelie Delaunay <amelie.delaunay@foss.st.com>
[ Upstream commit da3b8ddb464bd49b6248d00ca888ad751c9e44fd ]
The parameter to pass back to the handler function when irq has been
requested is a struct stm32_mdma_device pointer, not a struct
stm32_mdma_chan pointer.
Even if chan is reinit later in the function, remove this wrong
initialization.
Fixes: a4ffb13c8946 ("dmaengine: Add STM32 MDMA driver")
Signed-off-by: Amelie Delaunay <amelie.delaunay@foss.st.com>
Link: https://lore.kernel.org/r/20220504155322.121431-3-amelie.delaunay@foss.st.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/dma/stm32-mdma.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/dma/stm32-mdma.c b/drivers/dma/stm32-mdma.c
index 4ec6f5b69f56..9d54746c422c 100644
--- a/drivers/dma/stm32-mdma.c
+++ b/drivers/dma/stm32-mdma.c
@@ -1344,7 +1344,7 @@ static void stm32_mdma_xfer_end(struct stm32_mdma_chan *chan)
static irqreturn_t stm32_mdma_irq_handler(int irq, void *devid)
{
struct stm32_mdma_device *dmadev = devid;
- struct stm32_mdma_chan *chan = devid;
+ struct stm32_mdma_chan *chan;
u32 reg, id, ccr, ien, status;
/* Find out which channel generates the interrupt */
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 337/452] iommu/amd: Increase timeout waiting for GA log enablement
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (335 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 336/452] dmaengine: stm32-mdma: fix chan initialization in stm32_mdma_irq_handler() Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 338/452] i2c: npcm: Fix timeout calculation Greg Kroah-Hartman
` (120 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, D. Ziegfeld, Jörg-Volker Peetz,
Joerg Roedel, Sasha Levin
From: Joerg Roedel <jroedel@suse.de>
[ Upstream commit 42bb5aa043382f09bef2cc33b8431be867c70f8e ]
On some systems it can take a long time for the hardware to enable the
GA log of the AMD IOMMU. The current wait time is only 0.1ms, but
testing showed that it can take up to 14ms for the GA log to enter
running state after it has been enabled.
Sometimes the long delay happens when booting the system, sometimes
only on resume. Adjust the timeout accordingly to not print a warning
when hardware takes a longer than usual.
There has already been an attempt to fix this with commit
9b45a7738eec ("iommu/amd: Fix loop timeout issue in iommu_ga_log_enable()")
But that commit was based on some wrong math and did not fix the issue
in all cases.
Cc: "D. Ziegfeld" <dzigg@posteo.de>
Cc: Jörg-Volker Peetz <jvpeetz@web.de>
Fixes: 8bda0cfbdc1a ("iommu/amd: Detect and initialize guest vAPIC log")
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Link: https://lore.kernel.org/r/20220520102214.12563-1-joro@8bytes.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iommu/amd/init.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/iommu/amd/init.c b/drivers/iommu/amd/init.c
index 6eaefc9e7b3d..e988f6f198c5 100644
--- a/drivers/iommu/amd/init.c
+++ b/drivers/iommu/amd/init.c
@@ -84,7 +84,7 @@
#define ACPI_DEVFLAG_LINT1 0x80
#define ACPI_DEVFLAG_ATSDIS 0x10000000
-#define LOOP_TIMEOUT 100000
+#define LOOP_TIMEOUT 2000000
/*
* ACPI table definitions
*
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 338/452] i2c: npcm: Fix timeout calculation
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (336 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 337/452] iommu/amd: Increase timeout waiting for GA log enablement Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 339/452] i2c: npcm: Correct register access width Greg Kroah-Hartman
` (119 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tali Perry, Tyrone Ting,
Wolfram Sang, Sasha Levin
From: Tali Perry <tali.perry1@gmail.com>
[ Upstream commit 288b204492fddf28889cea6dc95a23976632c7a0 ]
Use adap.timeout for timeout calculation instead of hard-coded
value of 35ms.
Fixes: 56a1485b102e ("i2c: npcm7xx: Add Nuvoton NPCM I2C controller driver")
Signed-off-by: Tali Perry <tali.perry1@gmail.com>
Signed-off-by: Tyrone Ting <kfting@nuvoton.com>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/i2c/busses/i2c-npcm7xx.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/i2c/busses/i2c-npcm7xx.c b/drivers/i2c/busses/i2c-npcm7xx.c
index 2ad166355ec9..92fd88a3f415 100644
--- a/drivers/i2c/busses/i2c-npcm7xx.c
+++ b/drivers/i2c/busses/i2c-npcm7xx.c
@@ -2047,7 +2047,7 @@ static int npcm_i2c_master_xfer(struct i2c_adapter *adap, struct i2c_msg *msgs,
u16 nwrite, nread;
u8 *write_data, *read_data;
u8 slave_addr;
- int timeout;
+ unsigned long timeout;
int ret = 0;
bool read_block = false;
bool read_PEC = false;
@@ -2099,13 +2099,13 @@ static int npcm_i2c_master_xfer(struct i2c_adapter *adap, struct i2c_msg *msgs,
* 9: bits per transaction (including the ack/nack)
*/
timeout_usec = (2 * 9 * USEC_PER_SEC / bus->bus_freq) * (2 + nread + nwrite);
- timeout = max(msecs_to_jiffies(35), usecs_to_jiffies(timeout_usec));
+ timeout = max_t(unsigned long, bus->adap.timeout, usecs_to_jiffies(timeout_usec));
if (nwrite >= 32 * 1024 || nread >= 32 * 1024) {
dev_err(bus->dev, "i2c%d buffer too big\n", bus->num);
return -EINVAL;
}
- time_left = jiffies + msecs_to_jiffies(DEFAULT_STALL_COUNT) + 1;
+ time_left = jiffies + timeout + 1;
do {
/*
* we must clear slave address immediately when the bus is not
@@ -2269,7 +2269,7 @@ static int npcm_i2c_probe_bus(struct platform_device *pdev)
adap = &bus->adap;
adap->owner = THIS_MODULE;
adap->retries = 3;
- adap->timeout = HZ;
+ adap->timeout = msecs_to_jiffies(35);
adap->algo = &npcm_i2c_algo;
adap->quirks = &npcm_i2c_quirks;
adap->algo_data = bus;
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 339/452] i2c: npcm: Correct register access width
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (337 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 338/452] i2c: npcm: Fix timeout calculation Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 340/452] i2c: npcm: Handle spurious interrupts Greg Kroah-Hartman
` (118 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tyrone Ting,
Jonathan Neuschäfer, Wolfram Sang, Sasha Levin
From: Tyrone Ting <kfting@nuvoton.com>
[ Upstream commit ea9f8426d17620214ee345ffb77ee6cc196ff14f ]
The SMBnCTL3 register is 8-bit wide and the 32-bit access was always
incorrect, but simply didn't cause a visible error on the 32-bit machine.
On the 64-bit machine, the kernel message reports that ESR value is
0x96000021. Checking Arm Architecture Reference Manual Armv8 suggests that
it's the alignment fault.
SMBnCTL3's address is 0xE.
Fixes: 56a1485b102e ("i2c: npcm7xx: Add Nuvoton NPCM I2C controller driver")
Signed-off-by: Tyrone Ting <kfting@nuvoton.com>
Reviewed-by: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/i2c/busses/i2c-npcm7xx.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/i2c/busses/i2c-npcm7xx.c b/drivers/i2c/busses/i2c-npcm7xx.c
index 92fd88a3f415..cdea7f440a9e 100644
--- a/drivers/i2c/busses/i2c-npcm7xx.c
+++ b/drivers/i2c/busses/i2c-npcm7xx.c
@@ -359,14 +359,14 @@ static int npcm_i2c_get_SCL(struct i2c_adapter *_adap)
{
struct npcm_i2c *bus = container_of(_adap, struct npcm_i2c, adap);
- return !!(I2CCTL3_SCL_LVL & ioread32(bus->reg + NPCM_I2CCTL3));
+ return !!(I2CCTL3_SCL_LVL & ioread8(bus->reg + NPCM_I2CCTL3));
}
static int npcm_i2c_get_SDA(struct i2c_adapter *_adap)
{
struct npcm_i2c *bus = container_of(_adap, struct npcm_i2c, adap);
- return !!(I2CCTL3_SDA_LVL & ioread32(bus->reg + NPCM_I2CCTL3));
+ return !!(I2CCTL3_SDA_LVL & ioread8(bus->reg + NPCM_I2CCTL3));
}
static inline u16 npcm_i2c_get_index(struct npcm_i2c *bus)
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 340/452] i2c: npcm: Handle spurious interrupts
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (338 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 339/452] i2c: npcm: Correct register access width Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 341/452] i2c: rcar: fix PM ref counts in probe error paths Greg Kroah-Hartman
` (117 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tali Perry, Tyrone Ting,
Wolfram Sang, Sasha Levin
From: Tali Perry <tali.perry1@gmail.com>
[ Upstream commit e5222d408de2a88e6b206c38217b48d092184553 ]
On some platforms in rare cases (1 to 100,000 transactions),
the i2c gets a spurious interrupt which means that we enter an interrupt
but in the interrupt handler we don't find any status bit that points to
the reason we got this interrupt.
This may be a case of a rare HW issue or signal integrity issue that is
still under investigation.
In order to overcome this we are doing the following:
1. Disable incoming interrupts in master mode only when slave mode is not
enabled.
2. Clear end of busy (EOB) after every interrupt.
3. Clear other status bits (just in case since we found them cleared)
4. Return correct status during the interrupt that will finish the
transaction.
On next xmit transaction if the bus is still busy the master will issue a
recovery process before issuing the new transaction.
Fixes: 56a1485b102e ("i2c: npcm7xx: Add Nuvoton NPCM I2C controller driver")
Signed-off-by: Tali Perry <tali.perry1@gmail.com>
Signed-off-by: Tyrone Ting <kfting@nuvoton.com>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/i2c/busses/i2c-npcm7xx.c | 91 ++++++++++++++++++++++----------
1 file changed, 62 insertions(+), 29 deletions(-)
diff --git a/drivers/i2c/busses/i2c-npcm7xx.c b/drivers/i2c/busses/i2c-npcm7xx.c
index cdea7f440a9e..20a2f903b7f6 100644
--- a/drivers/i2c/busses/i2c-npcm7xx.c
+++ b/drivers/i2c/busses/i2c-npcm7xx.c
@@ -563,6 +563,15 @@ static inline void npcm_i2c_nack(struct npcm_i2c *bus)
iowrite8(val, bus->reg + NPCM_I2CCTL1);
}
+static inline void npcm_i2c_clear_master_status(struct npcm_i2c *bus)
+{
+ u8 val;
+
+ /* Clear NEGACK, STASTR and BER bits */
+ val = NPCM_I2CST_BER | NPCM_I2CST_NEGACK | NPCM_I2CST_STASTR;
+ iowrite8(val, bus->reg + NPCM_I2CST);
+}
+
#if IS_ENABLED(CONFIG_I2C_SLAVE)
static void npcm_i2c_slave_int_enable(struct npcm_i2c *bus, bool enable)
{
@@ -642,8 +651,8 @@ static void npcm_i2c_reset(struct npcm_i2c *bus)
iowrite8(NPCM_I2CCST_BB, bus->reg + NPCM_I2CCST);
iowrite8(0xFF, bus->reg + NPCM_I2CST);
- /* Clear EOB bit */
- iowrite8(NPCM_I2CCST3_EO_BUSY, bus->reg + NPCM_I2CCST3);
+ /* Clear and disable EOB */
+ npcm_i2c_eob_int(bus, false);
/* Clear all fifo bits: */
iowrite8(NPCM_I2CFIF_CTS_CLR_FIFO, bus->reg + NPCM_I2CFIF_CTS);
@@ -655,6 +664,9 @@ static void npcm_i2c_reset(struct npcm_i2c *bus)
}
#endif
+ /* clear status bits for spurious interrupts */
+ npcm_i2c_clear_master_status(bus);
+
bus->state = I2C_IDLE;
}
@@ -815,15 +827,6 @@ static void npcm_i2c_read_fifo(struct npcm_i2c *bus, u8 bytes_in_fifo)
}
}
-static inline void npcm_i2c_clear_master_status(struct npcm_i2c *bus)
-{
- u8 val;
-
- /* Clear NEGACK, STASTR and BER bits */
- val = NPCM_I2CST_BER | NPCM_I2CST_NEGACK | NPCM_I2CST_STASTR;
- iowrite8(val, bus->reg + NPCM_I2CST);
-}
-
static void npcm_i2c_master_abort(struct npcm_i2c *bus)
{
/* Only current master is allowed to issue a stop condition */
@@ -1231,7 +1234,16 @@ static irqreturn_t npcm_i2c_int_slave_handler(struct npcm_i2c *bus)
ret = IRQ_HANDLED;
} /* SDAST */
- return ret;
+ /*
+ * if irq is not one of the above, make sure EOB is disabled and all
+ * status bits are cleared.
+ */
+ if (ret == IRQ_NONE) {
+ npcm_i2c_eob_int(bus, false);
+ npcm_i2c_clear_master_status(bus);
+ }
+
+ return IRQ_HANDLED;
}
static int npcm_i2c_reg_slave(struct i2c_client *client)
@@ -1467,6 +1479,9 @@ static void npcm_i2c_irq_handle_nack(struct npcm_i2c *bus)
npcm_i2c_eob_int(bus, false);
npcm_i2c_master_stop(bus);
+ /* Clear SDA Status bit (by reading dummy byte) */
+ npcm_i2c_rd_byte(bus);
+
/*
* The bus is released from stall only after the SW clears
* NEGACK bit. Then a Stop condition is sent.
@@ -1474,6 +1489,8 @@ static void npcm_i2c_irq_handle_nack(struct npcm_i2c *bus)
npcm_i2c_clear_master_status(bus);
readx_poll_timeout_atomic(ioread8, bus->reg + NPCM_I2CCST, val,
!(val & NPCM_I2CCST_BUSY), 10, 200);
+ /* verify no status bits are still set after bus is released */
+ npcm_i2c_clear_master_status(bus);
}
bus->state = I2C_IDLE;
@@ -1672,10 +1689,10 @@ static int npcm_i2c_recovery_tgclk(struct i2c_adapter *_adap)
int iter = 27;
if ((npcm_i2c_get_SDA(_adap) == 1) && (npcm_i2c_get_SCL(_adap) == 1)) {
- dev_dbg(bus->dev, "bus%d recovery skipped, bus not stuck",
- bus->num);
+ dev_dbg(bus->dev, "bus%d-0x%x recovery skipped, bus not stuck",
+ bus->num, bus->dest_addr);
npcm_i2c_reset(bus);
- return status;
+ return 0;
}
npcm_i2c_int_enable(bus, false);
@@ -1909,6 +1926,7 @@ static int npcm_i2c_init_module(struct npcm_i2c *bus, enum i2c_mode mode,
bus_freq_hz < I2C_FREQ_MIN_HZ || bus_freq_hz > I2C_FREQ_MAX_HZ)
return -EINVAL;
+ npcm_i2c_int_enable(bus, false);
npcm_i2c_disable(bus);
/* Configure FIFO mode : */
@@ -1937,10 +1955,17 @@ static int npcm_i2c_init_module(struct npcm_i2c *bus, enum i2c_mode mode,
val = (val | NPCM_I2CCTL1_NMINTE) & ~NPCM_I2CCTL1_RWS;
iowrite8(val, bus->reg + NPCM_I2CCTL1);
- npcm_i2c_int_enable(bus, true);
-
npcm_i2c_reset(bus);
+ /* check HW is OK: SDA and SCL should be high at this point. */
+ if ((npcm_i2c_get_SDA(&bus->adap) == 0) || (npcm_i2c_get_SCL(&bus->adap) == 0)) {
+ dev_err(bus->dev, "I2C%d init fail: lines are low\n", bus->num);
+ dev_err(bus->dev, "SDA=%d SCL=%d\n", npcm_i2c_get_SDA(&bus->adap),
+ npcm_i2c_get_SCL(&bus->adap));
+ return -ENXIO;
+ }
+
+ npcm_i2c_int_enable(bus, true);
return 0;
}
@@ -1988,10 +2013,14 @@ static irqreturn_t npcm_i2c_bus_irq(int irq, void *dev_id)
#if IS_ENABLED(CONFIG_I2C_SLAVE)
if (bus->slave) {
bus->master_or_slave = I2C_SLAVE;
- return npcm_i2c_int_slave_handler(bus);
+ if (npcm_i2c_int_slave_handler(bus))
+ return IRQ_HANDLED;
}
#endif
- return IRQ_NONE;
+ /* clear status bits for spurious interrupts */
+ npcm_i2c_clear_master_status(bus);
+
+ return IRQ_HANDLED;
}
static bool npcm_i2c_master_start_xmit(struct npcm_i2c *bus,
@@ -2048,7 +2077,6 @@ static int npcm_i2c_master_xfer(struct i2c_adapter *adap, struct i2c_msg *msgs,
u8 *write_data, *read_data;
u8 slave_addr;
unsigned long timeout;
- int ret = 0;
bool read_block = false;
bool read_PEC = false;
u8 bus_busy;
@@ -2138,12 +2166,12 @@ static int npcm_i2c_master_xfer(struct i2c_adapter *adap, struct i2c_msg *msgs,
bus->read_block_use = read_block;
reinit_completion(&bus->cmd_complete);
- if (!npcm_i2c_master_start_xmit(bus, slave_addr, nwrite, nread,
- write_data, read_data, read_PEC,
- read_block))
- ret = -EBUSY;
- if (ret != -EBUSY) {
+ npcm_i2c_int_enable(bus, true);
+
+ if (npcm_i2c_master_start_xmit(bus, slave_addr, nwrite, nread,
+ write_data, read_data, read_PEC,
+ read_block)) {
time_left = wait_for_completion_timeout(&bus->cmd_complete,
timeout);
@@ -2157,26 +2185,31 @@ static int npcm_i2c_master_xfer(struct i2c_adapter *adap, struct i2c_msg *msgs,
}
}
}
- ret = bus->cmd_err;
/* if there was BER, check if need to recover the bus: */
if (bus->cmd_err == -EAGAIN)
- ret = i2c_recover_bus(adap);
+ bus->cmd_err = i2c_recover_bus(adap);
/*
* After any type of error, check if LAST bit is still set,
* due to a HW issue.
* It cannot be cleared without resetting the module.
*/
- if (bus->cmd_err &&
- (NPCM_I2CRXF_CTL_LAST_PEC & ioread8(bus->reg + NPCM_I2CRXF_CTL)))
+ else if (bus->cmd_err &&
+ (NPCM_I2CRXF_CTL_LAST_PEC & ioread8(bus->reg + NPCM_I2CRXF_CTL)))
npcm_i2c_reset(bus);
+ /* after any xfer, successful or not, stall and EOB must be disabled */
+ npcm_i2c_stall_after_start(bus, false);
+ npcm_i2c_eob_int(bus, false);
+
#if IS_ENABLED(CONFIG_I2C_SLAVE)
/* reenable slave if it was enabled */
if (bus->slave)
iowrite8((bus->slave->addr & 0x7F) | NPCM_I2CADDR_SAEN,
bus->reg + NPCM_I2CADDR1);
+#else
+ npcm_i2c_int_enable(bus, false);
#endif
return bus->cmd_err;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 341/452] i2c: rcar: fix PM ref counts in probe error paths
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (339 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 340/452] i2c: npcm: Handle spurious interrupts Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 342/452] perf c2c: Use stdio interface if slang is not supported Greg Kroah-Hartman
` (116 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kuninori Morimoto, Wolfram Sang,
Wolfram Sang, Sasha Levin
From: Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>
[ Upstream commit 3fe2ec59db1a7569e18594b9c0cf1f4f1afd498e ]
We have to take care of ID_P_PM_BLOCKED when bailing out during probe.
Fixes: 7ee24eb508d6 ("i2c: rcar: disable PM in multi-master mode")
Signed-off-by: Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>
Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/i2c/busses/i2c-rcar.c | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/drivers/i2c/busses/i2c-rcar.c b/drivers/i2c/busses/i2c-rcar.c
index 8722ca23f889..6a7a7a074a97 100644
--- a/drivers/i2c/busses/i2c-rcar.c
+++ b/drivers/i2c/busses/i2c-rcar.c
@@ -999,8 +999,10 @@ static int rcar_i2c_probe(struct platform_device *pdev)
pm_runtime_enable(dev);
pm_runtime_get_sync(dev);
ret = rcar_i2c_clock_calculate(priv);
- if (ret < 0)
- goto out_pm_put;
+ if (ret < 0) {
+ pm_runtime_put(dev);
+ goto out_pm_disable;
+ }
rcar_i2c_write(priv, ICSAR, 0); /* Gen2: must be 0 if not using slave */
@@ -1029,19 +1031,19 @@ static int rcar_i2c_probe(struct platform_device *pdev)
ret = platform_get_irq(pdev, 0);
if (ret < 0)
- goto out_pm_disable;
+ goto out_pm_put;
priv->irq = ret;
ret = devm_request_irq(dev, priv->irq, irqhandler, irqflags, dev_name(dev), priv);
if (ret < 0) {
dev_err(dev, "cannot get irq %d\n", priv->irq);
- goto out_pm_disable;
+ goto out_pm_put;
}
platform_set_drvdata(pdev, priv);
ret = i2c_add_numbered_adapter(adap);
if (ret < 0)
- goto out_pm_disable;
+ goto out_pm_put;
if (priv->flags & ID_P_HOST_NOTIFY) {
priv->host_notify_client = i2c_new_slave_host_notify_device(adap);
@@ -1058,7 +1060,8 @@ static int rcar_i2c_probe(struct platform_device *pdev)
out_del_device:
i2c_del_adapter(&priv->adap);
out_pm_put:
- pm_runtime_put(dev);
+ if (priv->flags & ID_P_PM_BLOCKED)
+ pm_runtime_put(dev);
out_pm_disable:
pm_runtime_disable(dev);
return ret;
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 342/452] perf c2c: Use stdio interface if slang is not supported
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (340 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 341/452] i2c: rcar: fix PM ref counts in probe error paths Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 343/452] perf jevents: Fix event syntax error caused by ExtSel Greg Kroah-Hartman
` (115 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Joe Mario, Leo Yan,
Alexander Shishkin, Jiri Olsa, Mark Rutland, Namhyung Kim,
Peter Zijlstra, Arnaldo Carvalho de Melo, Sasha Levin
From: Leo Yan <leo.yan@linaro.org>
[ Upstream commit c4040212bc97d16040712a410335f93bc94d2262 ]
If the slang lib is not installed on the system, perf c2c tool disables TUI
mode and roll back to use stdio mode; but the flag 'c2c.use_stdio' is
missed to set true and thus it wrongly applies UI quirks in the function
ui_quirks().
This commit forces to use stdio interface if slang is not supported, and
it can avoid to apply the UI quirks and show the correct metric header.
Before:
=================================================
Shared Cache Line Distribution Pareto
=================================================
-------------------------------------------------------------------------------
0 0 0 99 0 0 0 0xaaaac17d6000
-------------------------------------------------------------------------------
0.00% 0.00% 6.06% 0.00% 0.00% 0.00% 0x20 N/A 0 0xaaaac17c25ac 0 0 43 375 18469 2 [.] 0x00000000000025ac memstress memstress[25ac] 0
0.00% 0.00% 93.94% 0.00% 0.00% 0.00% 0x29 N/A 0 0xaaaac17c3e88 0 0 173 180 135 2 [.] 0x0000000000003e88 memstress memstress[3e88] 0
After:
=================================================
Shared Cache Line Distribution Pareto
=================================================
-------------------------------------------------------------------------------
0 0 0 99 0 0 0 0xaaaac17d6000
-------------------------------------------------------------------------------
0.00% 0.00% 6.06% 0.00% 0.00% 0.00% 0x20 N/A 0 0xaaaac17c25ac 0 0 43 375 18469 2 [.] 0x00000000000025ac memstress memstress[25ac] 0
0.00% 0.00% 93.94% 0.00% 0.00% 0.00% 0x29 N/A 0 0xaaaac17c3e88 0 0 173 180 135 2 [.] 0x0000000000003e88 memstress memstress[3e88] 0
Fixes: 5a1a99cd2e4e1557 ("perf c2c report: Add main TUI browser")
Reported-by: Joe Mario <jmario@redhat.com>
Signed-off-by: Leo Yan <leo.yan@linaro.org>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: http://lore.kernel.org/lkml/20220526145400.611249-1-leo.yan@linaro.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/builtin-c2c.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/tools/perf/builtin-c2c.c b/tools/perf/builtin-c2c.c
index d5bea5d3cd51..7f7111d4b3ad 100644
--- a/tools/perf/builtin-c2c.c
+++ b/tools/perf/builtin-c2c.c
@@ -2694,9 +2694,7 @@ static int perf_c2c__report(int argc, const char **argv)
"the input file to process"),
OPT_INCR('N', "node-info", &c2c.node_info,
"show extra node info in report (repeat for more info)"),
-#ifdef HAVE_SLANG_SUPPORT
OPT_BOOLEAN(0, "stdio", &c2c.use_stdio, "Use the stdio interface"),
-#endif
OPT_BOOLEAN(0, "stats", &c2c.stats_only,
"Display only statistic tables (implies --stdio)"),
OPT_BOOLEAN(0, "full-symbols", &c2c.symbol_full,
@@ -2725,6 +2723,10 @@ static int perf_c2c__report(int argc, const char **argv)
if (argc)
usage_with_options(report_c2c_usage, options);
+#ifndef HAVE_SLANG_SUPPORT
+ c2c.use_stdio = true;
+#endif
+
if (c2c.stats_only)
c2c.use_stdio = true;
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 343/452] perf jevents: Fix event syntax error caused by ExtSel
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (341 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 342/452] perf c2c: Use stdio interface if slang is not supported Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 344/452] f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count() Greg Kroah-Hartman
` (114 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kan Liang, Xing Zhengjun, Ian Rogers,
Adrian Hunter, Alexander Shishkin, Andi Kleen, Ingo Molnar,
Jiri Olsa, Peter Zijlstra, Arnaldo Carvalho de Melo, Sasha Levin
From: Zhengjun Xing <zhengjun.xing@linux.intel.com>
[ Upstream commit f4df0dbbe62ee8e4405a57b27ccd54393971c773 ]
In the origin code, when "ExtSel" is 1, the eventcode will change to
"eventcode |= 1 << 21”. For event “UNC_Q_RxL_CREDITS_CONSUMED_VN0.DRS",
its "ExtSel" is "1", its eventcode will change from 0x1E to 0x20001E,
but in fact the eventcode should <=0x1FF, so this will cause the parse
fail:
# perf stat -e "UNC_Q_RxL_CREDITS_CONSUMED_VN0.DRS" -a sleep 0.1
event syntax error: '.._RxL_CREDITS_CONSUMED_VN0.DRS'
\___ value too big for format, maximum is 511
On the perf kernel side, the kernel assumes the valid bits are continuous.
It will adjust the 0x100 (bit 8 for perf tool) to bit 21 in HW.
DEFINE_UNCORE_FORMAT_ATTR(event_ext, event, "config:0-7,21");
So the perf tool follows the kernel side and just set bit8 other than bit21.
Fixes: fedb2b518239cbc0 ("perf jevents: Add support for parsing uncore json files")
Reviewed-by: Kan Liang <kan.liang@linux.intel.com>
Signed-off-by: Xing Zhengjun <zhengjun.xing@linux.intel.com>
Acked-by: Ian Rogers <irogers@google.com>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Alexander Shishkin <alexander.shishkin@intel.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: https://lore.kernel.org/r/20220525140410.1706851-1-zhengjun.xing@linux.intel.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/pmu-events/jevents.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/perf/pmu-events/jevents.c b/tools/perf/pmu-events/jevents.c
index c679a79aef51..1f20f587e053 100644
--- a/tools/perf/pmu-events/jevents.c
+++ b/tools/perf/pmu-events/jevents.c
@@ -579,7 +579,7 @@ static int json_events(const char *fn,
} else if (json_streq(map, field, "ExtSel")) {
char *code = NULL;
addfield(map, &code, "", "", val);
- eventcode |= strtoul(code, NULL, 0) << 21;
+ eventcode |= strtoul(code, NULL, 0) << 8;
free(code);
} else if (json_streq(map, field, "EventName")) {
addfield(map, &je.name, "", "", val);
--
2.35.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 344/452] f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (342 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 343/452] perf jevents: Fix event syntax error caused by ExtSel Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 345/452] f2fs: fix to do sanity check on block address in f2fs_do_zero_range() Greg Kroah-Hartman
` (113 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ming Yan, Chao Yu, Jaegeuk Kim
From: Chao Yu <chao@kernel.org>
commit 4d17e6fe9293d57081ffdc11e1cf313e25e8fd9e upstream.
As Yanming reported in bugzilla:
https://bugzilla.kernel.org/show_bug.cgi?id=215897
I have encountered a bug in F2FS file system in kernel v5.17.
The kernel should enable CONFIG_KASAN=y and CONFIG_KASAN_INLINE=y. You can
reproduce the bug by running the following commands:
The kernel message is shown below:
kernel BUG at fs/f2fs/f2fs.h:2511!
Call Trace:
f2fs_remove_inode_page+0x2a2/0x830
f2fs_evict_inode+0x9b7/0x1510
evict+0x282/0x4e0
do_unlinkat+0x33a/0x540
__x64_sys_unlinkat+0x8e/0xd0
do_syscall_64+0x3b/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xae
The root cause is: .total_valid_block_count or .total_valid_node_count
could fuzzed to zero, then once dec_valid_node_count() was called, it
will cause BUG_ON(), this patch fixes to print warning info and set
SBI_NEED_FSCK into CP instead of panic.
Cc: stable@vger.kernel.org
Reported-by: Ming Yan <yanming@tju.edu.cn>
Signed-off-by: Chao Yu <chao.yu@oppo.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/f2fs/f2fs.h | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
--- a/fs/f2fs/f2fs.h
+++ b/fs/f2fs/f2fs.h
@@ -2284,11 +2284,17 @@ static inline void dec_valid_node_count(
{
spin_lock(&sbi->stat_lock);
- f2fs_bug_on(sbi, !sbi->total_valid_block_count);
- f2fs_bug_on(sbi, !sbi->total_valid_node_count);
+ if (unlikely(!sbi->total_valid_block_count ||
+ !sbi->total_valid_node_count)) {
+ f2fs_warn(sbi, "dec_valid_node_count: inconsistent block counts, total_valid_block:%u, total_valid_node:%u",
+ sbi->total_valid_block_count,
+ sbi->total_valid_node_count);
+ set_sbi_flag(sbi, SBI_NEED_FSCK);
+ } else {
+ sbi->total_valid_block_count--;
+ sbi->total_valid_node_count--;
+ }
- sbi->total_valid_node_count--;
- sbi->total_valid_block_count--;
if (sbi->reserved_blocks &&
sbi->current_reserved_blocks < sbi->reserved_blocks)
sbi->current_reserved_blocks++;
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 345/452] f2fs: fix to do sanity check on block address in f2fs_do_zero_range()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (343 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 344/452] f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count() Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 346/452] f2fs: fix to clear dirty inode in f2fs_evict_inode() Greg Kroah-Hartman
` (112 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ming Yan, Chao Yu, Jaegeuk Kim
From: Chao Yu <chao@kernel.org>
commit 25f8236213a91efdf708b9d77e9e51b6fc3e141c upstream.
As Yanming reported in bugzilla:
https://bugzilla.kernel.org/show_bug.cgi?id=215894
I have encountered a bug in F2FS file system in kernel v5.17.
I have uploaded the system call sequence as case.c, and a fuzzed image can
be found in google net disk
The kernel should enable CONFIG_KASAN=y and CONFIG_KASAN_INLINE=y. You can
reproduce the bug by running the following commands:
kernel BUG at fs/f2fs/segment.c:2291!
Call Trace:
f2fs_invalidate_blocks+0x193/0x2d0
f2fs_fallocate+0x2593/0x4a70
vfs_fallocate+0x2a5/0xac0
ksys_fallocate+0x35/0x70
__x64_sys_fallocate+0x8e/0xf0
do_syscall_64+0x3b/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xae
The root cause is, after image was fuzzed, block mapping info in inode
will be inconsistent with SIT table, so in f2fs_fallocate(), it will cause
panic when updating SIT with invalid blkaddr.
Let's fix the issue by adding sanity check on block address before updating
SIT table with it.
Cc: stable@vger.kernel.org
Reported-by: Ming Yan <yanming@tju.edu.cn>
Signed-off-by: Chao Yu <chao.yu@oppo.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/f2fs/file.c | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
--- a/fs/f2fs/file.c
+++ b/fs/f2fs/file.c
@@ -1413,11 +1413,19 @@ static int f2fs_do_zero_range(struct dno
ret = -ENOSPC;
break;
}
- if (dn->data_blkaddr != NEW_ADDR) {
- f2fs_invalidate_blocks(sbi, dn->data_blkaddr);
- dn->data_blkaddr = NEW_ADDR;
- f2fs_set_data_blkaddr(dn);
+
+ if (dn->data_blkaddr == NEW_ADDR)
+ continue;
+
+ if (!f2fs_is_valid_blkaddr(sbi, dn->data_blkaddr,
+ DATA_GENERIC_ENHANCE)) {
+ ret = -EFSCORRUPTED;
+ break;
}
+
+ f2fs_invalidate_blocks(sbi, dn->data_blkaddr);
+ dn->data_blkaddr = NEW_ADDR;
+ f2fs_set_data_blkaddr(dn);
}
f2fs_update_extent_cache_range(dn, start, 0, index - start);
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 346/452] f2fs: fix to clear dirty inode in f2fs_evict_inode()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (344 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 345/452] f2fs: fix to do sanity check on block address in f2fs_do_zero_range() Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 347/452] f2fs: fix deadloop in foreground GC Greg Kroah-Hartman
` (111 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ming Yan, Chao Yu, Jaegeuk Kim
From: Chao Yu <chao@kernel.org>
commit f2db71053dc0409fae785096ad19cce4c8a95af7 upstream.
As Yanming reported in bugzilla:
https://bugzilla.kernel.org/show_bug.cgi?id=215904
The kernel message is shown below:
kernel BUG at fs/f2fs/inode.c:825!
Call Trace:
evict+0x282/0x4e0
__dentry_kill+0x2b2/0x4d0
shrink_dentry_list+0x17c/0x4f0
shrink_dcache_parent+0x143/0x1e0
do_one_tree+0x9/0x30
shrink_dcache_for_umount+0x51/0x120
generic_shutdown_super+0x5c/0x3a0
kill_block_super+0x90/0xd0
kill_f2fs_super+0x225/0x310
deactivate_locked_super+0x78/0xc0
cleanup_mnt+0x2b7/0x480
task_work_run+0xc8/0x150
exit_to_user_mode_prepare+0x14a/0x150
syscall_exit_to_user_mode+0x1d/0x40
do_syscall_64+0x48/0x90
The root cause is: inode node and dnode node share the same nid,
so during f2fs_evict_inode(), dnode node truncation will invalidate
its NAT entry, so when truncating inode node, it fails due to
invalid NAT entry, result in inode is still marked as dirty, fix
this issue by clearing dirty for inode and setting SBI_NEED_FSCK
flag in filesystem.
output from dump.f2fs:
[print_node_info: 354] Node ID [0xf:15] is inode
i_nid[0] [0x f : 15]
Cc: stable@vger.kernel.org
Reported-by: Ming Yan <yanming@tju.edu.cn>
Signed-off-by: Chao Yu <chao.yu@oppo.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/f2fs/inode.c | 16 +++++++++++++++-
1 file changed, 15 insertions(+), 1 deletion(-)
--- a/fs/f2fs/inode.c
+++ b/fs/f2fs/inode.c
@@ -757,8 +757,22 @@ retry:
f2fs_lock_op(sbi);
err = f2fs_remove_inode_page(inode);
f2fs_unlock_op(sbi);
- if (err == -ENOENT)
+ if (err == -ENOENT) {
err = 0;
+
+ /*
+ * in fuzzed image, another node may has the same
+ * block address as inode's, if it was truncated
+ * previously, truncation of inode node will fail.
+ */
+ if (is_inode_flag_set(inode, FI_DIRTY_INODE)) {
+ f2fs_warn(F2FS_I_SB(inode),
+ "f2fs_evict_inode: inconsistent node id, ino:%lu",
+ inode->i_ino);
+ f2fs_inode_synced(inode);
+ set_sbi_flag(sbi, SBI_NEED_FSCK);
+ }
+ }
}
/* give more chances, if ENOMEM case */
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 347/452] f2fs: fix deadloop in foreground GC
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (345 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 346/452] f2fs: fix to clear dirty inode in f2fs_evict_inode() Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 348/452] f2fs: dont need inode lock for system hidden quota Greg Kroah-Hartman
` (110 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ming Yan, Chao Yu, Jaegeuk Kim
From: Chao Yu <chao@kernel.org>
commit cfd66bb715fd11fde3338d0660cffa1396adc27d upstream.
As Yanming reported in bugzilla:
https://bugzilla.kernel.org/show_bug.cgi?id=215914
The root cause is: in a very small sized image, it's very easy to
exceed threshold of foreground GC, if we calculate free space and
dirty data based on section granularity, in corner case,
has_not_enough_free_secs() will always return true, result in
deadloop in f2fs_gc().
So this patch refactors has_not_enough_free_secs() as below to fix
this issue:
1. calculate needed space based on block granularity, and separate
all blocks to two parts, section part, and block part, comparing
section part to free section, and comparing block part to free space
in openned log.
2. account F2FS_DIRTY_NODES, F2FS_DIRTY_IMETA and F2FS_DIRTY_DENTS
as node block consumer;
3. account F2FS_DIRTY_DENTS as data block consumer;
Cc: stable@vger.kernel.org
Reported-by: Ming Yan <yanming@tju.edu.cn>
Signed-off-by: Chao Yu <chao.yu@oppo.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/f2fs/segment.h | 32 ++++++++++++++++++++------------
1 file changed, 20 insertions(+), 12 deletions(-)
--- a/fs/f2fs/segment.h
+++ b/fs/f2fs/segment.h
@@ -573,11 +573,10 @@ static inline int reserved_sections(stru
return GET_SEC_FROM_SEG(sbi, reserved_segments(sbi));
}
-static inline bool has_curseg_enough_space(struct f2fs_sb_info *sbi)
+static inline bool has_curseg_enough_space(struct f2fs_sb_info *sbi,
+ unsigned int node_blocks, unsigned int dent_blocks)
{
- unsigned int node_blocks = get_pages(sbi, F2FS_DIRTY_NODES) +
- get_pages(sbi, F2FS_DIRTY_DENTS);
- unsigned int dent_blocks = get_pages(sbi, F2FS_DIRTY_DENTS);
+
unsigned int segno, left_blocks;
int i;
@@ -603,19 +602,28 @@ static inline bool has_curseg_enough_spa
static inline bool has_not_enough_free_secs(struct f2fs_sb_info *sbi,
int freed, int needed)
{
- int node_secs = get_blocktype_secs(sbi, F2FS_DIRTY_NODES);
- int dent_secs = get_blocktype_secs(sbi, F2FS_DIRTY_DENTS);
- int imeta_secs = get_blocktype_secs(sbi, F2FS_DIRTY_IMETA);
+ unsigned int total_node_blocks = get_pages(sbi, F2FS_DIRTY_NODES) +
+ get_pages(sbi, F2FS_DIRTY_DENTS) +
+ get_pages(sbi, F2FS_DIRTY_IMETA);
+ unsigned int total_dent_blocks = get_pages(sbi, F2FS_DIRTY_DENTS);
+ unsigned int node_secs = total_node_blocks / BLKS_PER_SEC(sbi);
+ unsigned int dent_secs = total_dent_blocks / BLKS_PER_SEC(sbi);
+ unsigned int node_blocks = total_node_blocks % BLKS_PER_SEC(sbi);
+ unsigned int dent_blocks = total_dent_blocks % BLKS_PER_SEC(sbi);
+ unsigned int free, need_lower, need_upper;
if (unlikely(is_sbi_flag_set(sbi, SBI_POR_DOING)))
return false;
- if (free_sections(sbi) + freed == reserved_sections(sbi) + needed &&
- has_curseg_enough_space(sbi))
+ free = free_sections(sbi) + freed;
+ need_lower = node_secs + dent_secs + reserved_sections(sbi) + needed;
+ need_upper = need_lower + (node_blocks ? 1 : 0) + (dent_blocks ? 1 : 0);
+
+ if (free > need_upper)
return false;
- return (free_sections(sbi) + freed) <=
- (node_secs + 2 * dent_secs + imeta_secs +
- reserved_sections(sbi) + needed);
+ else if (free <= need_lower)
+ return true;
+ return !has_curseg_enough_space(sbi, node_blocks, dent_blocks);
}
static inline bool f2fs_is_checkpoint_ready(struct f2fs_sb_info *sbi)
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 348/452] f2fs: dont need inode lock for system hidden quota
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (346 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 347/452] f2fs: fix deadloop in foreground GC Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 349/452] f2fs: fix to do sanity check on total_data_blocks Greg Kroah-Hartman
` (109 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jaegeuk Kim
From: Jaegeuk Kim <jaegeuk@kernel.org>
commit 6213f5d4d23c50d393a31dc8e351e63a1fd10dbe upstream.
Let's avoid false-alarmed lockdep warning.
[ 58.914674] [T1501146] -> #2 (&sb->s_type->i_mutex_key#20){+.+.}-{3:3}:
[ 58.915975] [T1501146] system_server: down_write+0x7c/0xe0
[ 58.916738] [T1501146] system_server: f2fs_quota_sync+0x60/0x1a8
[ 58.917563] [T1501146] system_server: block_operations+0x16c/0x43c
[ 58.918410] [T1501146] system_server: f2fs_write_checkpoint+0x114/0x318
[ 58.919312] [T1501146] system_server: f2fs_issue_checkpoint+0x178/0x21c
[ 58.920214] [T1501146] system_server: f2fs_sync_fs+0x48/0x6c
[ 58.920999] [T1501146] system_server: f2fs_do_sync_file+0x334/0x738
[ 58.921862] [T1501146] system_server: f2fs_sync_file+0x30/0x48
[ 58.922667] [T1501146] system_server: __arm64_sys_fsync+0x84/0xf8
[ 58.923506] [T1501146] system_server: el0_svc_common.llvm.12821150825140585682+0xd8/0x20c
[ 58.924604] [T1501146] system_server: do_el0_svc+0x28/0xa0
[ 58.925366] [T1501146] system_server: el0_svc+0x24/0x38
[ 58.926094] [T1501146] system_server: el0_sync_handler+0x88/0xec
[ 58.926920] [T1501146] system_server: el0_sync+0x1b4/0x1c0
[ 58.927681] [T1501146] -> #1 (&sbi->cp_global_sem){+.+.}-{3:3}:
[ 58.928889] [T1501146] system_server: down_write+0x7c/0xe0
[ 58.929650] [T1501146] system_server: f2fs_write_checkpoint+0xbc/0x318
[ 58.930541] [T1501146] system_server: f2fs_issue_checkpoint+0x178/0x21c
[ 58.931443] [T1501146] system_server: f2fs_sync_fs+0x48/0x6c
[ 58.932226] [T1501146] system_server: sync_filesystem+0xac/0x130
[ 58.933053] [T1501146] system_server: generic_shutdown_super+0x38/0x150
[ 58.933958] [T1501146] system_server: kill_block_super+0x24/0x58
[ 58.934791] [T1501146] system_server: kill_f2fs_super+0xcc/0x124
[ 58.935618] [T1501146] system_server: deactivate_locked_super+0x90/0x120
[ 58.936529] [T1501146] system_server: deactivate_super+0x74/0xac
[ 58.937356] [T1501146] system_server: cleanup_mnt+0x128/0x168
[ 58.938150] [T1501146] system_server: __cleanup_mnt+0x18/0x28
[ 58.938944] [T1501146] system_server: task_work_run+0xb8/0x14c
[ 58.939749] [T1501146] system_server: do_notify_resume+0x114/0x1e8
[ 58.940595] [T1501146] system_server: work_pending+0xc/0x5f0
[ 58.941375] [T1501146] -> #0 (&sbi->gc_lock){+.+.}-{3:3}:
[ 58.942519] [T1501146] system_server: __lock_acquire+0x1270/0x2868
[ 58.943366] [T1501146] system_server: lock_acquire+0x114/0x294
[ 58.944169] [T1501146] system_server: down_write+0x7c/0xe0
[ 58.944930] [T1501146] system_server: f2fs_issue_checkpoint+0x13c/0x21c
[ 58.945831] [T1501146] system_server: f2fs_sync_fs+0x48/0x6c
[ 58.946614] [T1501146] system_server: f2fs_do_sync_file+0x334/0x738
[ 58.947472] [T1501146] system_server: f2fs_ioc_commit_atomic_write+0xc8/0x14c
[ 58.948439] [T1501146] system_server: __f2fs_ioctl+0x674/0x154c
[ 58.949253] [T1501146] system_server: f2fs_ioctl+0x54/0x88
[ 58.950018] [T1501146] system_server: __arm64_sys_ioctl+0xa8/0x110
[ 58.950865] [T1501146] system_server: el0_svc_common.llvm.12821150825140585682+0xd8/0x20c
[ 58.951965] [T1501146] system_server: do_el0_svc+0x28/0xa0
[ 58.952727] [T1501146] system_server: el0_svc+0x24/0x38
[ 58.953454] [T1501146] system_server: el0_sync_handler+0x88/0xec
[ 58.954279] [T1501146] system_server: el0_sync+0x1b4/0x1c0
Cc: stable@vger.kernel.org
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/f2fs/super.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/fs/f2fs/super.c
+++ b/fs/f2fs/super.c
@@ -2292,7 +2292,8 @@ int f2fs_quota_sync(struct super_block *
if (!sb_has_quota_active(sb, cnt))
continue;
- inode_lock(dqopt->files[cnt]);
+ if (!f2fs_sb_has_quota_ino(sbi))
+ inode_lock(dqopt->files[cnt]);
/*
* do_quotactl
@@ -2311,7 +2312,8 @@ int f2fs_quota_sync(struct super_block *
up_read(&sbi->quota_sem);
f2fs_unlock_op(sbi);
- inode_unlock(dqopt->files[cnt]);
+ if (!f2fs_sb_has_quota_ino(sbi))
+ inode_unlock(dqopt->files[cnt]);
if (ret)
break;
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 349/452] f2fs: fix to do sanity check on total_data_blocks
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (347 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 348/452] f2fs: dont need inode lock for system hidden quota Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 350/452] f2fs: fix fallocate to use file_modified to update permissions consistently Greg Kroah-Hartman
` (108 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ming Yan, Chao Yu, Jaegeuk Kim
From: Chao Yu <chao@kernel.org>
commit 6b8beca0edd32075a769bfe4178ca00c0dcd22a9 upstream.
As Yanming reported in bugzilla:
https://bugzilla.kernel.org/show_bug.cgi?id=215916
The kernel message is shown below:
kernel BUG at fs/f2fs/segment.c:2560!
Call Trace:
allocate_segment_by_default+0x228/0x440
f2fs_allocate_data_block+0x13d1/0x31f0
do_write_page+0x18d/0x710
f2fs_outplace_write_data+0x151/0x250
f2fs_do_write_data_page+0xef9/0x1980
move_data_page+0x6af/0xbc0
do_garbage_collect+0x312f/0x46f0
f2fs_gc+0x6b0/0x3bc0
f2fs_balance_fs+0x921/0x2260
f2fs_write_single_data_page+0x16be/0x2370
f2fs_write_cache_pages+0x428/0xd00
f2fs_write_data_pages+0x96e/0xd50
do_writepages+0x168/0x550
__writeback_single_inode+0x9f/0x870
writeback_sb_inodes+0x47d/0xb20
__writeback_inodes_wb+0xb2/0x200
wb_writeback+0x4bd/0x660
wb_workfn+0x5f3/0xab0
process_one_work+0x79f/0x13e0
worker_thread+0x89/0xf60
kthread+0x26a/0x300
ret_from_fork+0x22/0x30
RIP: 0010:new_curseg+0xe8d/0x15f0
The root cause is: ckpt.valid_block_count is inconsistent with SIT table,
stat info indicates filesystem has free blocks, but SIT table indicates
filesystem has no free segment.
So that during garbage colloection, it triggers panic when LFS allocator
fails to find free segment.
This patch tries to fix this issue by checking consistency in between
ckpt.valid_block_count and block accounted from SIT.
Cc: stable@vger.kernel.org
Reported-by: Ming Yan <yanming@tju.edu.cn>
Signed-off-by: Chao Yu <chao.yu@oppo.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/f2fs/f2fs.h | 4 ++--
fs/f2fs/segment.c | 33 ++++++++++++++++++++++-----------
fs/f2fs/segment.h | 1 +
3 files changed, 25 insertions(+), 13 deletions(-)
--- a/fs/f2fs/f2fs.h
+++ b/fs/f2fs/f2fs.h
@@ -1021,8 +1021,8 @@ enum count_type {
*/
#define PAGE_TYPE_OF_BIO(type) ((type) > META ? META : (type))
enum page_type {
- DATA,
- NODE,
+ DATA = 0,
+ NODE = 1, /* should not change this */
META,
NR_PAGE_TYPE,
META_FLUSH,
--- a/fs/f2fs/segment.c
+++ b/fs/f2fs/segment.c
@@ -4423,7 +4423,7 @@ static int build_sit_entries(struct f2fs
unsigned int i, start, end;
unsigned int readed, start_blk = 0;
int err = 0;
- block_t total_node_blocks = 0;
+ block_t sit_valid_blocks[2] = {0, 0};
do {
readed = f2fs_ra_meta_pages(sbi, start_blk, BIO_MAX_PAGES,
@@ -4448,8 +4448,8 @@ static int build_sit_entries(struct f2fs
if (err)
return err;
seg_info_from_raw_sit(se, &sit);
- if (IS_NODESEG(se->type))
- total_node_blocks += se->valid_blocks;
+
+ sit_valid_blocks[SE_PAGETYPE(se)] += se->valid_blocks;
/* build discard map only one time */
if (is_set_ckpt_flags(sbi, CP_TRIMMED_FLAG)) {
@@ -4487,15 +4487,15 @@ static int build_sit_entries(struct f2fs
sit = sit_in_journal(journal, i);
old_valid_blocks = se->valid_blocks;
- if (IS_NODESEG(se->type))
- total_node_blocks -= old_valid_blocks;
+
+ sit_valid_blocks[SE_PAGETYPE(se)] -= old_valid_blocks;
err = check_block_count(sbi, start, &sit);
if (err)
break;
seg_info_from_raw_sit(se, &sit);
- if (IS_NODESEG(se->type))
- total_node_blocks += se->valid_blocks;
+
+ sit_valid_blocks[SE_PAGETYPE(se)] += se->valid_blocks;
if (is_set_ckpt_flags(sbi, CP_TRIMMED_FLAG)) {
memset(se->discard_map, 0xff, SIT_VBLOCK_MAP_SIZE);
@@ -4515,13 +4515,24 @@ static int build_sit_entries(struct f2fs
}
up_read(&curseg->journal_rwsem);
- if (!err && total_node_blocks != valid_node_count(sbi)) {
+ if (err)
+ return err;
+
+ if (sit_valid_blocks[NODE] != valid_node_count(sbi)) {
f2fs_err(sbi, "SIT is corrupted node# %u vs %u",
- total_node_blocks, valid_node_count(sbi));
- err = -EFSCORRUPTED;
+ sit_valid_blocks[NODE], valid_node_count(sbi));
+ return -EFSCORRUPTED;
+ }
+
+ if (sit_valid_blocks[DATA] + sit_valid_blocks[NODE] >
+ valid_user_blocks(sbi)) {
+ f2fs_err(sbi, "SIT is corrupted data# %u %u vs %u",
+ sit_valid_blocks[DATA], sit_valid_blocks[NODE],
+ valid_user_blocks(sbi));
+ return -EFSCORRUPTED;
}
- return err;
+ return 0;
}
static void init_free_segmap(struct f2fs_sb_info *sbi)
--- a/fs/f2fs/segment.h
+++ b/fs/f2fs/segment.h
@@ -24,6 +24,7 @@
#define IS_DATASEG(t) ((t) <= CURSEG_COLD_DATA)
#define IS_NODESEG(t) ((t) >= CURSEG_HOT_NODE && (t) <= CURSEG_COLD_NODE)
+#define SE_PAGETYPE(se) ((IS_NODESEG((se)->type) ? NODE : DATA))
static inline void sanity_check_seg_type(struct f2fs_sb_info *sbi,
unsigned short seg_type)
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 350/452] f2fs: fix fallocate to use file_modified to update permissions consistently
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (348 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 349/452] f2fs: fix to do sanity check on total_data_blocks Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 351/452] f2fs: fix to do sanity check for inline inode Greg Kroah-Hartman
` (107 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, stable, Chao Yu, Jaegeuk Kim
From: Chao Yu <chao@kernel.org>
commit 958ed92922028ec67f504dcdc72bfdfd0f43936a upstream.
This patch tries to fix permission consistency issue as all other
mainline filesystems.
Since the initial introduction of (posix) fallocate back at the turn of
the century, it has been possible to use this syscall to change the
user-visible contents of files. This can happen by extending the file
size during a preallocation, or through any of the newer modes (punch,
zero, collapse, insert range). Because the call can be used to change
file contents, we should treat it like we do any other modification to a
file -- update the mtime, and drop set[ug]id privileges/capabilities.
The VFS function file_modified() does all this for us if pass it a
locked inode, so let's make fallocate drop permissions correctly.
Cc: stable@kernel.org
Signed-off-by: Chao Yu <chao.yu@oppo.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/f2fs/file.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/fs/f2fs/file.c
+++ b/fs/f2fs/file.c
@@ -1744,6 +1744,10 @@ static long f2fs_fallocate(struct file *
inode_lock(inode);
+ ret = file_modified(file);
+ if (ret)
+ goto out;
+
if (mode & FALLOC_FL_PUNCH_HOLE) {
if (offset >= inode->i_size)
goto out;
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 351/452] f2fs: fix to do sanity check for inline inode
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (349 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 350/452] f2fs: fix fallocate to use file_modified to update permissions consistently Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 352/452] wifi: mac80211: fix use-after-free in chanctx code Greg Kroah-Hartman
` (106 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ming Yan, Chao Yu, Jaegeuk Kim
From: Chao Yu <chao@kernel.org>
commit 677a82b44ebf263d4f9a0cfbd576a6ade797a07b upstream.
Yanming reported a kernel bug in Bugzilla kernel [1], which can be
reproduced. The bug message is:
The kernel message is shown below:
kernel BUG at fs/inode.c:611!
Call Trace:
evict+0x282/0x4e0
__dentry_kill+0x2b2/0x4d0
dput+0x2dd/0x720
do_renameat2+0x596/0x970
__x64_sys_rename+0x78/0x90
do_syscall_64+0x3b/0x90
[1] https://bugzilla.kernel.org/show_bug.cgi?id=215895
The bug is due to fuzzed inode has both inline_data and encrypted flags.
During f2fs_evict_inode(), as the inode was deleted by rename(), it
will cause inline data conversion due to conflicting flags. The page
cache will be polluted and the panic will be triggered in clear_inode().
Try fixing the bug by doing more sanity checks for inline data inode in
sanity_check_inode().
Cc: stable@vger.kernel.org
Reported-by: Ming Yan <yanming@tju.edu.cn>
Signed-off-by: Chao Yu <chao.yu@oppo.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/f2fs/f2fs.h | 1 +
fs/f2fs/inline.c | 29 ++++++++++++++++++++++++-----
fs/f2fs/inode.c | 3 +--
3 files changed, 26 insertions(+), 7 deletions(-)
--- a/fs/f2fs/f2fs.h
+++ b/fs/f2fs/f2fs.h
@@ -3735,6 +3735,7 @@ extern struct kmem_cache *f2fs_inode_ent
* inline.c
*/
bool f2fs_may_inline_data(struct inode *inode);
+bool f2fs_sanity_check_inline_data(struct inode *inode);
bool f2fs_may_inline_dentry(struct inode *inode);
void f2fs_do_read_inline_data(struct page *page, struct page *ipage);
void f2fs_truncate_inline_inode(struct inode *inode,
--- a/fs/f2fs/inline.c
+++ b/fs/f2fs/inline.c
@@ -14,21 +14,40 @@
#include "node.h"
#include <trace/events/f2fs.h>
-bool f2fs_may_inline_data(struct inode *inode)
+static bool support_inline_data(struct inode *inode)
{
if (f2fs_is_atomic_file(inode))
return false;
-
if (!S_ISREG(inode->i_mode) && !S_ISLNK(inode->i_mode))
return false;
-
if (i_size_read(inode) > MAX_INLINE_DATA(inode))
return false;
+ return true;
+}
+
+bool f2fs_may_inline_data(struct inode *inode)
+{
+ if (!support_inline_data(inode))
+ return false;
+
+ return !f2fs_post_read_required(inode);
+}
- if (f2fs_post_read_required(inode))
+bool f2fs_sanity_check_inline_data(struct inode *inode)
+{
+ if (!f2fs_has_inline_data(inode))
return false;
- return true;
+ if (!support_inline_data(inode))
+ return true;
+
+ /*
+ * used by sanity_check_inode(), when disk layout fields has not
+ * been synchronized to inmem fields.
+ */
+ return (S_ISREG(inode->i_mode) &&
+ (file_is_encrypt(inode) || file_is_verity(inode) ||
+ (F2FS_I(inode)->i_flags & F2FS_COMPR_FL)));
}
bool f2fs_may_inline_dentry(struct inode *inode)
--- a/fs/f2fs/inode.c
+++ b/fs/f2fs/inode.c
@@ -272,8 +272,7 @@ static bool sanity_check_inode(struct in
}
}
- if (f2fs_has_inline_data(inode) &&
- (!S_ISREG(inode->i_mode) && !S_ISLNK(inode->i_mode))) {
+ if (f2fs_sanity_check_inline_data(inode)) {
set_sbi_flag(sbi, SBI_NEED_FSCK);
f2fs_warn(sbi, "%s: inode (ino=%lx, mode=%u) should not have inline_data, run fsck to fix",
__func__, inode->i_ino, inode->i_mode);
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 352/452] wifi: mac80211: fix use-after-free in chanctx code
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (350 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 351/452] f2fs: fix to do sanity check for inline inode Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 353/452] iwlwifi: mvm: fix assert 1F04 upon reconfig Greg Kroah-Hartman
` (105 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Johannes Berg, Kalle Valo
From: Johannes Berg <johannes.berg@intel.com>
commit 2965c4cdf7ad9ce0796fac5e57debb9519ea721e upstream.
In ieee80211_vif_use_reserved_context(), when we have an
old context and the new context's replace_state is set to
IEEE80211_CHANCTX_REPLACE_NONE, we free the old context
in ieee80211_vif_use_reserved_reassign(). Therefore, we
cannot check the old_ctx anymore, so we should set it to
NULL after this point.
However, since the new_ctx replace state is clearly not
IEEE80211_CHANCTX_REPLACES_OTHER, we're not going to do
anything else in this function and can just return to
avoid accessing the freed old_ctx.
Cc: stable@vger.kernel.org
Fixes: 5bcae31d9cb1 ("mac80211: implement multi-vif in-place reservations")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220601091926.df419d91b165.I17a9b3894ff0b8323ce2afdb153b101124c821e5@changeid
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/mac80211/chan.c | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
--- a/net/mac80211/chan.c
+++ b/net/mac80211/chan.c
@@ -1652,12 +1652,9 @@ int ieee80211_vif_use_reserved_context(s
if (new_ctx->replace_state == IEEE80211_CHANCTX_REPLACE_NONE) {
if (old_ctx)
- err = ieee80211_vif_use_reserved_reassign(sdata);
- else
- err = ieee80211_vif_use_reserved_assign(sdata);
+ return ieee80211_vif_use_reserved_reassign(sdata);
- if (err)
- return err;
+ return ieee80211_vif_use_reserved_assign(sdata);
}
/*
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 353/452] iwlwifi: mvm: fix assert 1F04 upon reconfig
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (351 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 352/452] wifi: mac80211: fix use-after-free in chanctx code Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 354/452] fs-writeback: writeback_sb_inodes:Recalculate wrote according skipped pages Greg Kroah-Hartman
` (104 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Emmanuel Grumbach, Gregory Greenman,
Johannes Berg
From: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
commit 9d096e3d3061dbf4ee10e2b59fc2c06e05bdb997 upstream.
When we reconfig we must not send the MAC_POWER command that relates to
a MAC that was not yet added to the firmware.
Ignore those in the iterator.
Cc: stable@vger.kernel.org
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20220517120044.ed2ffc8ce732.If786e19512d0da4334a6382ea6148703422c7d7b@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/intel/iwlwifi/mvm/power.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/net/wireless/intel/iwlwifi/mvm/power.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/power.c
@@ -621,6 +621,9 @@ static void iwl_mvm_power_get_vifs_itera
struct iwl_power_vifs *power_iterator = _data;
bool active = mvmvif->phy_ctxt && mvmvif->phy_ctxt->id < NUM_PHY_CTX;
+ if (!mvmvif->uploaded)
+ return;
+
switch (ieee80211_vif_type_p2p(vif)) {
case NL80211_IFTYPE_P2P_DEVICE:
break;
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 354/452] fs-writeback: writeback_sb_inodes:Recalculate wrote according skipped pages
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (352 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 353/452] iwlwifi: mvm: fix assert 1F04 upon reconfig Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 355/452] efi: Do not import certificates from UEFI Secure Boot for T2 Macs Greg Kroah-Hartman
` (103 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhihao Cheng, Jan Kara,
Christoph Hellwig, Jens Axboe
From: Zhihao Cheng <chengzhihao1@huawei.com>
commit 68f4c6eba70df70a720188bce95c85570ddfcc87 upstream.
Commit 505a666ee3fc ("writeback: plug writeback in wb_writeback() and
writeback_inodes_wb()") has us holding a plug during wb_writeback, which
may cause a potential ABBA dead lock:
wb_writeback fat_file_fsync
blk_start_plug(&plug)
for (;;) {
iter i-1: some reqs have been added into plug->mq_list // LOCK A
iter i:
progress = __writeback_inodes_wb(wb, work)
. writeback_sb_inodes // fat's bdev
. __writeback_single_inode
. . generic_writepages
. . __block_write_full_page
. . . . __generic_file_fsync
. . . . sync_inode_metadata
. . . . writeback_single_inode
. . . . __writeback_single_inode
. . . . fat_write_inode
. . . . __fat_write_inode
. . . . sync_dirty_buffer // fat's bdev
. . . . lock_buffer(bh) // LOCK B
. . . . submit_bh
. . . . blk_mq_get_tag // LOCK A
. . . trylock_buffer(bh) // LOCK B
. . . redirty_page_for_writepage
. . . wbc->pages_skipped++
. . --wbc->nr_to_write
. wrote += write_chunk - wbc.nr_to_write // wrote > 0
. requeue_inode
. redirty_tail_locked
if (progress) // progress > 0
continue;
iter i+1:
queue_io
// similar process with iter i, infinite for-loop !
}
blk_finish_plug(&plug) // flush plug won't be called
Above process triggers a hungtask like:
[ 399.044861] INFO: task bb:2607 blocked for more than 30 seconds.
[ 399.046824] Not tainted 5.18.0-rc1-00005-gefae4d9eb6a2-dirty
[ 399.051539] task:bb state:D stack: 0 pid: 2607 ppid:
2426 flags:0x00004000
[ 399.051556] Call Trace:
[ 399.051570] __schedule+0x480/0x1050
[ 399.051592] schedule+0x92/0x1a0
[ 399.051602] io_schedule+0x22/0x50
[ 399.051613] blk_mq_get_tag+0x1d3/0x3c0
[ 399.051640] __blk_mq_alloc_requests+0x21d/0x3f0
[ 399.051657] blk_mq_submit_bio+0x68d/0xca0
[ 399.051674] __submit_bio+0x1b5/0x2d0
[ 399.051708] submit_bio_noacct+0x34e/0x720
[ 399.051718] submit_bio+0x3b/0x150
[ 399.051725] submit_bh_wbc+0x161/0x230
[ 399.051734] __sync_dirty_buffer+0xd1/0x420
[ 399.051744] sync_dirty_buffer+0x17/0x20
[ 399.051750] __fat_write_inode+0x289/0x310
[ 399.051766] fat_write_inode+0x2a/0xa0
[ 399.051783] __writeback_single_inode+0x53c/0x6f0
[ 399.051795] writeback_single_inode+0x145/0x200
[ 399.051803] sync_inode_metadata+0x45/0x70
[ 399.051856] __generic_file_fsync+0xa3/0x150
[ 399.051880] fat_file_fsync+0x1d/0x80
[ 399.051895] vfs_fsync_range+0x40/0xb0
[ 399.051929] __x64_sys_fsync+0x18/0x30
In my test, 'need_resched()' (which is imported by 590dca3a71 "fs-writeback:
unplug before cond_resched in writeback_sb_inodes") in function
'writeback_sb_inodes()' seldom comes true, unless cond_resched() is deleted
from write_cache_pages().
Fix it by correcting wrote number according number of skipped pages
in writeback_sb_inodes().
Goto Link to find a reproducer.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=215837
Cc: stable@vger.kernel.org # v4.3
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20220510133805.1988292-1-chengzhihao1@huawei.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/fs-writeback.c | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
--- a/fs/fs-writeback.c
+++ b/fs/fs-writeback.c
@@ -1650,11 +1650,12 @@ static long writeback_sb_inodes(struct s
};
unsigned long start_time = jiffies;
long write_chunk;
- long wrote = 0; /* count both pages and inodes */
+ long total_wrote = 0; /* count both pages and inodes */
while (!list_empty(&wb->b_io)) {
struct inode *inode = wb_inode(wb->b_io.prev);
struct bdi_writeback *tmp_wb;
+ long wrote;
if (inode->i_sb != sb) {
if (work->sb) {
@@ -1730,7 +1731,9 @@ static long writeback_sb_inodes(struct s
wbc_detach_inode(&wbc);
work->nr_pages -= write_chunk - wbc.nr_to_write;
- wrote += write_chunk - wbc.nr_to_write;
+ wrote = write_chunk - wbc.nr_to_write - wbc.pages_skipped;
+ wrote = wrote < 0 ? 0 : wrote;
+ total_wrote += wrote;
if (need_resched()) {
/*
@@ -1752,7 +1755,7 @@ static long writeback_sb_inodes(struct s
tmp_wb = inode_to_wb_and_lock_list(inode);
spin_lock(&inode->i_lock);
if (!(inode->i_state & I_DIRTY_ALL))
- wrote++;
+ total_wrote++;
requeue_inode(inode, tmp_wb, &wbc);
inode_sync_complete(inode);
spin_unlock(&inode->i_lock);
@@ -1766,14 +1769,14 @@ static long writeback_sb_inodes(struct s
* bail out to wb_writeback() often enough to check
* background threshold and other termination conditions.
*/
- if (wrote) {
+ if (total_wrote) {
if (time_is_before_jiffies(start_time + HZ / 10UL))
break;
if (work->nr_pages <= 0)
break;
}
}
- return wrote;
+ return total_wrote;
}
static long __writeback_inodes_wb(struct bdi_writeback *wb,
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 355/452] efi: Do not import certificates from UEFI Secure Boot for T2 Macs
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (353 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 354/452] fs-writeback: writeback_sb_inodes:Recalculate wrote according skipped pages Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 356/452] bfq: Split shared queues on move between cgroups Greg Kroah-Hartman
` (102 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Aditya Garg, Mimi Zohar
From: Aditya Garg <gargaditya08@live.com>
commit 155ca952c7ca19aa32ecfb7373a32bbc2e1ec6eb upstream.
On Apple T2 Macs, when Linux attempts to read the db and dbx efi variables
at early boot to load UEFI Secure Boot certificates, a page fault occurs
in Apple firmware code and EFI runtime services are disabled with the
following logs:
[Firmware Bug]: Page fault caused by firmware at PA: 0xffffb1edc0068000
WARNING: CPU: 3 PID: 104 at arch/x86/platform/efi/quirks.c:735 efi_crash_gracefully_on_page_fault+0x50/0xf0
(Removed some logs from here)
Call Trace:
<TASK>
page_fault_oops+0x4f/0x2c0
? search_bpf_extables+0x6b/0x80
? search_module_extables+0x50/0x80
? search_exception_tables+0x5b/0x60
kernelmode_fixup_or_oops+0x9e/0x110
__bad_area_nosemaphore+0x155/0x190
bad_area_nosemaphore+0x16/0x20
do_kern_addr_fault+0x8c/0xa0
exc_page_fault+0xd8/0x180
asm_exc_page_fault+0x1e/0x30
(Removed some logs from here)
? __efi_call+0x28/0x30
? switch_mm+0x20/0x30
? efi_call_rts+0x19a/0x8e0
? process_one_work+0x222/0x3f0
? worker_thread+0x4a/0x3d0
? kthread+0x17a/0x1a0
? process_one_work+0x3f0/0x3f0
? set_kthread_struct+0x40/0x40
? ret_from_fork+0x22/0x30
</TASK>
---[ end trace 1f82023595a5927f ]---
efi: Froze efi_rts_wq and disabled EFI Runtime Services
integrity: Couldn't get size: 0x8000000000000015
integrity: MODSIGN: Couldn't get UEFI db list
efi: EFI Runtime Services are disabled!
integrity: Couldn't get size: 0x8000000000000015
integrity: Couldn't get UEFI dbx list
integrity: Couldn't get size: 0x8000000000000015
integrity: Couldn't get mokx list
integrity: Couldn't get size: 0x80000000
So we avoid reading these UEFI variables and thus prevent the crash.
Cc: stable@vger.kernel.org
Signed-off-by: Aditya Garg <gargaditya08@live.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
security/integrity/platform_certs/keyring_handler.h | 8 ++++
security/integrity/platform_certs/load_uefi.c | 33 ++++++++++++++++++++
2 files changed, 41 insertions(+)
--- a/security/integrity/platform_certs/keyring_handler.h
+++ b/security/integrity/platform_certs/keyring_handler.h
@@ -30,3 +30,11 @@ efi_element_handler_t get_handler_for_db
efi_element_handler_t get_handler_for_dbx(const efi_guid_t *sig_type);
#endif
+
+#ifndef UEFI_QUIRK_SKIP_CERT
+#define UEFI_QUIRK_SKIP_CERT(vendor, product) \
+ .matches = { \
+ DMI_MATCH(DMI_BOARD_VENDOR, vendor), \
+ DMI_MATCH(DMI_PRODUCT_NAME, product), \
+ },
+#endif
--- a/security/integrity/platform_certs/load_uefi.c
+++ b/security/integrity/platform_certs/load_uefi.c
@@ -3,6 +3,7 @@
#include <linux/kernel.h>
#include <linux/sched.h>
#include <linux/cred.h>
+#include <linux/dmi.h>
#include <linux/err.h>
#include <linux/efi.h>
#include <linux/slab.h>
@@ -12,6 +13,31 @@
#include "keyring_handler.h"
/*
+ * On T2 Macs reading the db and dbx efi variables to load UEFI Secure Boot
+ * certificates causes occurrence of a page fault in Apple's firmware and
+ * a crash disabling EFI runtime services. The following quirk skips reading
+ * these variables.
+ */
+static const struct dmi_system_id uefi_skip_cert[] = {
+ { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookPro15,1") },
+ { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookPro15,2") },
+ { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookPro15,3") },
+ { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookPro15,4") },
+ { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookPro16,1") },
+ { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookPro16,2") },
+ { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookPro16,3") },
+ { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookPro16,4") },
+ { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookAir8,1") },
+ { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookAir8,2") },
+ { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookAir9,1") },
+ { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacMini8,1") },
+ { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacPro7,1") },
+ { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "iMac20,1") },
+ { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "iMac20,2") },
+ { }
+};
+
+/*
* Look to see if a UEFI variable called MokIgnoreDB exists and return true if
* it does.
*
@@ -137,6 +163,13 @@ static int __init load_uefi_certs(void)
unsigned long dbsize = 0, dbxsize = 0, mokxsize = 0;
efi_status_t status;
int rc = 0;
+ const struct dmi_system_id *dmi_id;
+
+ dmi_id = dmi_first_match(uefi_skip_cert);
+ if (dmi_id) {
+ pr_err("Reading UEFI Secure Boot Certs is not supported on T2 Macs.\n");
+ return false;
+ }
if (!efi_rt_services_supported(EFI_RT_SUPPORTED_GET_VARIABLE))
return false;
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 356/452] bfq: Split shared queues on move between cgroups
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (354 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 355/452] efi: Do not import certificates from UEFI Secure Boot for T2 Macs Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 357/452] bfq: Update cgroup information before merging bio Greg Kroah-Hartman
` (101 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, yukuai (C),
Jan Kara, Christoph Hellwig, Jens Axboe
From: Jan Kara <jack@suse.cz>
commit 3bc5e683c67d94bd839a1da2e796c15847b51b69 upstream.
When bfqq is shared by multiple processes it can happen that one of the
processes gets moved to a different cgroup (or just starts submitting IO
for different cgroup). In case that happens we need to split the merged
bfqq as otherwise we will have IO for multiple cgroups in one bfqq and
we will just account IO time to wrong entities etc.
Similarly if the bfqq is scheduled to merge with another bfqq but the
merge didn't happen yet, cancel the merge as it need not be valid
anymore.
CC: stable@vger.kernel.org
Fixes: e21b7a0b9887 ("block, bfq: add full hierarchical scheduling and cgroups support")
Tested-by: "yukuai (C)" <yukuai3@huawei.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20220401102752.8599-3-jack@suse.cz
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
block/bfq-cgroup.c | 36 +++++++++++++++++++++++++++++++++---
block/bfq-iosched.c | 2 +-
block/bfq-iosched.h | 1 +
3 files changed, 35 insertions(+), 4 deletions(-)
--- a/block/bfq-cgroup.c
+++ b/block/bfq-cgroup.c
@@ -725,9 +725,39 @@ static struct bfq_group *__bfq_bic_chang
}
if (sync_bfqq) {
- entity = &sync_bfqq->entity;
- if (entity->sched_data != &bfqg->sched_data)
- bfq_bfqq_move(bfqd, sync_bfqq, bfqg);
+ if (!sync_bfqq->new_bfqq && !bfq_bfqq_coop(sync_bfqq)) {
+ /* We are the only user of this bfqq, just move it */
+ if (sync_bfqq->entity.sched_data != &bfqg->sched_data)
+ bfq_bfqq_move(bfqd, sync_bfqq, bfqg);
+ } else {
+ struct bfq_queue *bfqq;
+
+ /*
+ * The queue was merged to a different queue. Check
+ * that the merge chain still belongs to the same
+ * cgroup.
+ */
+ for (bfqq = sync_bfqq; bfqq; bfqq = bfqq->new_bfqq)
+ if (bfqq->entity.sched_data !=
+ &bfqg->sched_data)
+ break;
+ if (bfqq) {
+ /*
+ * Some queue changed cgroup so the merge is
+ * not valid anymore. We cannot easily just
+ * cancel the merge (by clearing new_bfqq) as
+ * there may be other processes using this
+ * queue and holding refs to all queues below
+ * sync_bfqq->new_bfqq. Similarly if the merge
+ * already happened, we need to detach from
+ * bfqq now so that we cannot merge bio to a
+ * request from the old cgroup.
+ */
+ bfq_put_cooperator(sync_bfqq);
+ bfq_release_process_ref(bfqd, sync_bfqq);
+ bic_set_bfqq(bic, NULL, 1);
+ }
+ }
}
return bfqg;
--- a/block/bfq-iosched.c
+++ b/block/bfq-iosched.c
@@ -4917,7 +4917,7 @@ void bfq_put_queue(struct bfq_queue *bfq
bfqg_and_blkg_put(bfqg);
}
-static void bfq_put_cooperator(struct bfq_queue *bfqq)
+void bfq_put_cooperator(struct bfq_queue *bfqq)
{
struct bfq_queue *__bfqq, *next;
--- a/block/bfq-iosched.h
+++ b/block/bfq-iosched.h
@@ -954,6 +954,7 @@ void bfq_weights_tree_remove(struct bfq_
void bfq_bfqq_expire(struct bfq_data *bfqd, struct bfq_queue *bfqq,
bool compensate, enum bfqq_expiration reason);
void bfq_put_queue(struct bfq_queue *bfqq);
+void bfq_put_cooperator(struct bfq_queue *bfqq);
void bfq_end_wr_async_queues(struct bfq_data *bfqd, struct bfq_group *bfqg);
void bfq_release_process_ref(struct bfq_data *bfqd, struct bfq_queue *bfqq);
void bfq_schedule_dispatch(struct bfq_data *bfqd);
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 357/452] bfq: Update cgroup information before merging bio
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (355 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 356/452] bfq: Split shared queues on move between cgroups Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 358/452] bfq: Track whether bfq_group is still online Greg Kroah-Hartman
` (100 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, yukuai (C),
Jan Kara, Christoph Hellwig, Jens Axboe
From: Jan Kara <jack@suse.cz>
commit ea591cd4eb270393810e7be01feb8fde6a34fbbe upstream.
When the process is migrated to a different cgroup (or in case of
writeback just starts submitting bios associated with a different
cgroup) bfq_merge_bio() can operate with stale cgroup information in
bic. Thus the bio can be merged to a request from a different cgroup or
it can result in merging of bfqqs for different cgroups or bfqqs of
already dead cgroups and causing possible use-after-free issues. Fix the
problem by updating cgroup information in bfq_merge_bio().
CC: stable@vger.kernel.org
Fixes: e21b7a0b9887 ("block, bfq: add full hierarchical scheduling and cgroups support")
Tested-by: "yukuai (C)" <yukuai3@huawei.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20220401102752.8599-4-jack@suse.cz
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
block/bfq-iosched.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
--- a/block/bfq-iosched.c
+++ b/block/bfq-iosched.c
@@ -2227,10 +2227,17 @@ static bool bfq_bio_merge(struct request
spin_lock_irq(&bfqd->lock);
- if (bic)
+ if (bic) {
+ /*
+ * Make sure cgroup info is uptodate for current process before
+ * considering the merge.
+ */
+ bfq_bic_update_cgroup(bic, bio);
+
bfqd->bio_bfqq = bic_to_bfqq(bic, op_is_sync(bio->bi_opf));
- else
+ } else {
bfqd->bio_bfqq = NULL;
+ }
bfqd->bio_bic = bic;
ret = blk_mq_sched_try_merge(q, bio, nr_segs, &free);
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 358/452] bfq: Track whether bfq_group is still online
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (356 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 357/452] bfq: Update cgroup information before merging bio Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 359/452] ext4: fix use-after-free in ext4_rename_dir_prepare Greg Kroah-Hartman
` (99 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, yukuai (C),
Jan Kara, Christoph Hellwig, Jens Axboe
From: Jan Kara <jack@suse.cz>
commit 09f871868080c33992cd6a9b72a5ca49582578fa upstream.
Track whether bfq_group is still online. We cannot rely on
blkcg_gq->online because that gets cleared only after all policies are
offlined and we need something that gets updated already under
bfqd->lock when we are cleaning up our bfq_group to be able to guarantee
that when we see online bfq_group, it will stay online while we are
holding bfqd->lock lock.
CC: stable@vger.kernel.org
Tested-by: "yukuai (C)" <yukuai3@huawei.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20220401102752.8599-7-jack@suse.cz
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
block/bfq-cgroup.c | 3 ++-
block/bfq-iosched.h | 2 ++
2 files changed, 4 insertions(+), 1 deletion(-)
--- a/block/bfq-cgroup.c
+++ b/block/bfq-cgroup.c
@@ -553,6 +553,7 @@ static void bfq_pd_init(struct blkg_poli
*/
bfqg->bfqd = bfqd;
bfqg->active_entities = 0;
+ bfqg->online = true;
bfqg->rq_pos_tree = RB_ROOT;
}
@@ -599,7 +600,6 @@ struct bfq_group *bfq_find_set_group(str
struct bfq_entity *entity;
bfqg = bfq_lookup_bfqg(bfqd, blkcg);
-
if (unlikely(!bfqg))
return NULL;
@@ -961,6 +961,7 @@ static void bfq_pd_offline(struct blkg_p
put_async_queues:
bfq_put_async_queues(bfqd, bfqg);
+ bfqg->online = false;
spin_unlock_irqrestore(&bfqd->lock, flags);
/*
--- a/block/bfq-iosched.h
+++ b/block/bfq-iosched.h
@@ -901,6 +901,8 @@ struct bfq_group {
/* reference counter (see comments in bfq_bic_update_cgroup) */
int ref;
+ /* Is bfq_group still online? */
+ bool online;
struct bfq_entity entity;
struct bfq_sched_data sched_data;
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 359/452] ext4: fix use-after-free in ext4_rename_dir_prepare
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (357 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 358/452] bfq: Track whether bfq_group is still online Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 360/452] ext4: fix warning in ext4_handle_inode_extension Greg Kroah-Hartman
` (98 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ye Bin, Jan Kara, Theodore Tso, stable
From: Ye Bin <yebin10@huawei.com>
commit 0be698ecbe4471fcad80e81ec6a05001421041b3 upstream.
We got issue as follows:
EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
ext4_get_first_dir_block: bh->b_data=0xffff88810bee6000 len=34478
ext4_get_first_dir_block: *parent_de=0xffff88810beee6ae bh->b_data=0xffff88810bee6000
ext4_rename_dir_prepare: [1] parent_de=0xffff88810beee6ae
==================================================================
BUG: KASAN: use-after-free in ext4_rename_dir_prepare+0x152/0x220
Read of size 4 at addr ffff88810beee6ae by task rep/1895
CPU: 13 PID: 1895 Comm: rep Not tainted 5.10.0+ #241
Call Trace:
dump_stack+0xbe/0xf9
print_address_description.constprop.0+0x1e/0x220
kasan_report.cold+0x37/0x7f
ext4_rename_dir_prepare+0x152/0x220
ext4_rename+0xf44/0x1ad0
ext4_rename2+0x11c/0x170
vfs_rename+0xa84/0x1440
do_renameat2+0x683/0x8f0
__x64_sys_renameat+0x53/0x60
do_syscall_64+0x33/0x40
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f45a6fc41c9
RSP: 002b:00007ffc5a470218 EFLAGS: 00000246 ORIG_RAX: 0000000000000108
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f45a6fc41c9
RDX: 0000000000000005 RSI: 0000000020000180 RDI: 0000000000000005
RBP: 00007ffc5a470240 R08: 00007ffc5a470160 R09: 0000000020000080
R10: 00000000200001c0 R11: 0000000000000246 R12: 0000000000400bb0
R13: 00007ffc5a470320 R14: 0000000000000000 R15: 0000000000000000
The buggy address belongs to the page:
page:00000000440015ce refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x10beee
flags: 0x200000000000000()
raw: 0200000000000000 ffffea00043ff4c8 ffffea0004325608 0000000000000000
raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff88810beee580: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ffff88810beee600: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff88810beee680: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
^
ffff88810beee700: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ffff88810beee780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================
Disabling lock debugging due to kernel taint
ext4_rename_dir_prepare: [2] parent_de->inode=3537895424
ext4_rename_dir_prepare: [3] dir=0xffff888124170140
ext4_rename_dir_prepare: [4] ino=2
ext4_rename_dir_prepare: ent->dir->i_ino=2 parent=-757071872
Reason is first directory entry which 'rec_len' is 34478, then will get illegal
parent entry. Now, we do not check directory entry after read directory block
in 'ext4_get_first_dir_block'.
To solve this issue, check directory entry in 'ext4_get_first_dir_block'.
[ Trigger an ext4_error() instead of just warning if the directory is
missing a '.' or '..' entry. Also make sure we return an error code
if the file system is corrupted. -TYT ]
Signed-off-by: Ye Bin <yebin10@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220414025223.4113128-1-yebin10@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/namei.c | 30 +++++++++++++++++++++++++++---
1 file changed, 27 insertions(+), 3 deletions(-)
--- a/fs/ext4/namei.c
+++ b/fs/ext4/namei.c
@@ -3500,6 +3500,9 @@ static struct buffer_head *ext4_get_firs
struct buffer_head *bh;
if (!ext4_has_inline_data(inode)) {
+ struct ext4_dir_entry_2 *de;
+ unsigned int offset;
+
/* The first directory block must not be a hole, so
* treat it as DIRENT_HTREE
*/
@@ -3508,9 +3511,30 @@ static struct buffer_head *ext4_get_firs
*retval = PTR_ERR(bh);
return NULL;
}
- *parent_de = ext4_next_entry(
- (struct ext4_dir_entry_2 *)bh->b_data,
- inode->i_sb->s_blocksize);
+
+ de = (struct ext4_dir_entry_2 *) bh->b_data;
+ if (ext4_check_dir_entry(inode, NULL, de, bh, bh->b_data,
+ bh->b_size, 0) ||
+ le32_to_cpu(de->inode) != inode->i_ino ||
+ strcmp(".", de->name)) {
+ EXT4_ERROR_INODE(inode, "directory missing '.'");
+ brelse(bh);
+ *retval = -EFSCORRUPTED;
+ return NULL;
+ }
+ offset = ext4_rec_len_from_disk(de->rec_len,
+ inode->i_sb->s_blocksize);
+ de = ext4_next_entry(de, inode->i_sb->s_blocksize);
+ if (ext4_check_dir_entry(inode, NULL, de, bh, bh->b_data,
+ bh->b_size, offset) ||
+ le32_to_cpu(de->inode) == 0 || strcmp("..", de->name)) {
+ EXT4_ERROR_INODE(inode, "directory missing '..'");
+ brelse(bh);
+ *retval = -EFSCORRUPTED;
+ return NULL;
+ }
+ *parent_de = de;
+
return bh;
}
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 360/452] ext4: fix warning in ext4_handle_inode_extension
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (358 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 359/452] ext4: fix use-after-free in ext4_rename_dir_prepare Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 361/452] ext4: fix bug_on in ext4_writepages Greg Kroah-Hartman
` (97 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ye Bin, Theodore Tso, stable
From: Ye Bin <yebin10@huawei.com>
commit f4534c9fc94d22383f187b9409abb3f9df2e3db3 upstream.
We got issue as follows:
EXT4-fs error (device loop0) in ext4_reserve_inode_write:5741: Out of memory
EXT4-fs error (device loop0): ext4_setattr:5462: inode #13: comm syz-executor.0: mark_inode_dirty error
EXT4-fs error (device loop0) in ext4_setattr:5519: Out of memory
EXT4-fs error (device loop0): ext4_ind_map_blocks:595: inode #13: comm syz-executor.0: Can't allocate blocks for non-extent mapped inodes with bigalloc
------------[ cut here ]------------
WARNING: CPU: 1 PID: 4361 at fs/ext4/file.c:301 ext4_file_write_iter+0x11c9/0x1220
Modules linked in:
CPU: 1 PID: 4361 Comm: syz-executor.0 Not tainted 5.10.0+ #1
RIP: 0010:ext4_file_write_iter+0x11c9/0x1220
RSP: 0018:ffff924d80b27c00 EFLAGS: 00010282
RAX: ffffffff815a3379 RBX: 0000000000000000 RCX: 000000003b000000
RDX: ffff924d81601000 RSI: 00000000000009cc RDI: 00000000000009cd
RBP: 000000000000000d R08: ffffffffbc5a2c6b R09: 0000902e0e52a96f
R10: ffff902e2b7c1b40 R11: ffff902e2b7c1b40 R12: 000000000000000a
R13: 0000000000000001 R14: ffff902e0e52aa10 R15: ffffffffffffff8b
FS: 00007f81a7f65700(0000) GS:ffff902e3bc80000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffff600400 CR3: 000000012db88001 CR4: 00000000003706e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
do_iter_readv_writev+0x2e5/0x360
do_iter_write+0x112/0x4c0
do_pwritev+0x1e5/0x390
__x64_sys_pwritev2+0x7e/0xa0
do_syscall_64+0x37/0x50
entry_SYSCALL_64_after_hwframe+0x44/0xa9
Above issue may happen as follows:
Assume
inode.i_size=4096
EXT4_I(inode)->i_disksize=4096
step 1: set inode->i_isize = 8192
ext4_setattr
if (attr->ia_size != inode->i_size)
EXT4_I(inode)->i_disksize = attr->ia_size;
rc = ext4_mark_inode_dirty
ext4_reserve_inode_write
ext4_get_inode_loc
__ext4_get_inode_loc
sb_getblk --> return -ENOMEM
...
if (!error) ->will not update i_size
i_size_write(inode, attr->ia_size);
Now:
inode.i_size=4096
EXT4_I(inode)->i_disksize=8192
step 2: Direct write 4096 bytes
ext4_file_write_iter
ext4_dio_write_iter
iomap_dio_rw ->return error
if (extend)
ext4_handle_inode_extension
WARN_ON_ONCE(i_size_read(inode) < EXT4_I(inode)->i_disksize);
->Then trigger warning.
To solve above issue, if mark inode dirty failed in ext4_setattr just
set 'EXT4_I(inode)->i_disksize' with old value.
Signed-off-by: Ye Bin <yebin10@huawei.com>
Link: https://lore.kernel.org/r/20220326065351.761952-1-yebin10@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/inode.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -5444,6 +5444,7 @@ int ext4_setattr(struct dentry *dentry,
if (attr->ia_valid & ATTR_SIZE) {
handle_t *handle;
loff_t oldsize = inode->i_size;
+ loff_t old_disksize;
int shrink = (attr->ia_size < inode->i_size);
if (!(ext4_test_inode_flag(inode, EXT4_INODE_EXTENTS))) {
@@ -5517,6 +5518,7 @@ int ext4_setattr(struct dentry *dentry,
inode->i_sb->s_blocksize_bits);
down_write(&EXT4_I(inode)->i_data_sem);
+ old_disksize = EXT4_I(inode)->i_disksize;
EXT4_I(inode)->i_disksize = attr->ia_size;
rc = ext4_mark_inode_dirty(handle, inode);
if (!error)
@@ -5528,6 +5530,8 @@ int ext4_setattr(struct dentry *dentry,
*/
if (!error)
i_size_write(inode, attr->ia_size);
+ else
+ EXT4_I(inode)->i_disksize = old_disksize;
up_write(&EXT4_I(inode)->i_data_sem);
ext4_journal_stop(handle);
if (error)
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 361/452] ext4: fix bug_on in ext4_writepages
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (359 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 360/452] ext4: fix warning in ext4_handle_inode_extension Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 362/452] ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state Greg Kroah-Hartman
` (96 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, stable, Ye Bin, Jan Kara, Theodore Tso
From: Ye Bin <yebin10@huawei.com>
commit ef09ed5d37b84d18562b30cf7253e57062d0db05 upstream.
we got issue as follows:
EXT4-fs error (device loop0): ext4_mb_generate_buddy:1141: group 0, block bitmap and bg descriptor inconsistent: 25 vs 31513 free cls
------------[ cut here ]------------
kernel BUG at fs/ext4/inode.c:2708!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI
CPU: 2 PID: 2147 Comm: rep Not tainted 5.18.0-rc2-next-20220413+ #155
RIP: 0010:ext4_writepages+0x1977/0x1c10
RSP: 0018:ffff88811d3e7880 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffff88811c098000
RDX: 0000000000000000 RSI: ffff88811c098000 RDI: 0000000000000002
RBP: ffff888128140f50 R08: ffffffffb1ff6387 R09: 0000000000000000
R10: 0000000000000007 R11: ffffed10250281ea R12: 0000000000000001
R13: 00000000000000a4 R14: ffff88811d3e7bb8 R15: ffff888128141028
FS: 00007f443aed9740(0000) GS:ffff8883aef00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020007200 CR3: 000000011c2a4000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
do_writepages+0x130/0x3a0
filemap_fdatawrite_wbc+0x83/0xa0
filemap_flush+0xab/0xe0
ext4_alloc_da_blocks+0x51/0x120
__ext4_ioctl+0x1534/0x3210
__x64_sys_ioctl+0x12c/0x170
do_syscall_64+0x3b/0x90
It may happen as follows:
1. write inline_data inode
vfs_write
new_sync_write
ext4_file_write_iter
ext4_buffered_write_iter
generic_perform_write
ext4_da_write_begin
ext4_da_write_inline_data_begin -> If inline data size too
small will allocate block to write, then mapping will has
dirty page
ext4_da_convert_inline_data_to_extent ->clear EXT4_STATE_MAY_INLINE_DATA
2. fallocate
do_vfs_ioctl
ioctl_preallocate
vfs_fallocate
ext4_fallocate
ext4_convert_inline_data
ext4_convert_inline_data_nolock
ext4_map_blocks -> fail will goto restore data
ext4_restore_inline_data
ext4_create_inline_data
ext4_write_inline_data
ext4_set_inode_state -> set inode EXT4_STATE_MAY_INLINE_DATA
3. writepages
__ext4_ioctl
ext4_alloc_da_blocks
filemap_flush
filemap_fdatawrite_wbc
do_writepages
ext4_writepages
if (ext4_has_inline_data(inode))
BUG_ON(ext4_test_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA))
The root cause of this issue is we destory inline data until call
ext4_writepages under delay allocation mode. But there maybe already
convert from inline to extent. To solve this issue, we call
filemap_flush first..
Cc: stable@kernel.org
Signed-off-by: Ye Bin <yebin10@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220516122634.1690462-1-yebin10@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/inline.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
--- a/fs/ext4/inline.c
+++ b/fs/ext4/inline.c
@@ -1974,6 +1974,18 @@ int ext4_convert_inline_data(struct inod
if (!ext4_has_inline_data(inode)) {
ext4_clear_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA);
return 0;
+ } else if (!ext4_test_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA)) {
+ /*
+ * Inode has inline data but EXT4_STATE_MAY_INLINE_DATA is
+ * cleared. This means we are in the middle of moving of
+ * inline data to delay allocated block. Just force writeout
+ * here to finish conversion.
+ */
+ error = filemap_flush(inode->i_mapping);
+ if (error)
+ return error;
+ if (!ext4_has_inline_data(inode))
+ return 0;
}
needed_blocks = ext4_writepage_trans_blocks(inode);
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 362/452] ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (360 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 361/452] ext4: fix bug_on in ext4_writepages Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 363/452] ext4: fix bug_on in __es_tree_search Greg Kroah-Hartman
` (95 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, stable, Theodore Tso,
syzbot+c7358a3cd05ee786eb31
From: Theodore Ts'o <tytso@mit.edu>
commit c878bea3c9d724ddfa05a813f30de3d25a0ba83f upstream.
The EXT4_FC_REPLAY bit in sbi->s_mount_state is used to indicate that
we are in the middle of replay the fast commit journal. This was
actually a mistake, since the sbi->s_mount_info is initialized from
es->s_state. Arguably s_mount_state is misleadingly named, but the
name is historical --- s_mount_state and s_state dates back to ext2.
What should have been used is the ext4_{set,clear,test}_mount_flag()
inline functions, which sets EXT4_MF_* bits in sbi->s_mount_flags.
The problem with using EXT4_FC_REPLAY is that a maliciously corrupted
superblock could result in EXT4_FC_REPLAY getting set in
s_mount_state. This bypasses some sanity checks, and this can trigger
a BUG() in ext4_es_cache_extent(). As a easy-to-backport-fix, filter
out the EXT4_FC_REPLAY bit for now. We should eventually transition
away from EXT4_FC_REPLAY to something like EXT4_MF_REPLAY.
Cc: stable@kernel.org
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Link: https://lore.kernel.org/r/20220420192312.1655305-1-phind.uet@gmail.com
Link: https://lore.kernel.org/r/20220517174028.942119-1-tytso@mit.edu
Reported-by: syzbot+c7358a3cd05ee786eb31@syzkaller.appspotmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/super.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -4538,7 +4538,7 @@ static int ext4_fill_super(struct super_
sbi->s_inodes_per_block;
sbi->s_desc_per_block = blocksize / EXT4_DESC_SIZE(sb);
sbi->s_sbh = bh;
- sbi->s_mount_state = le16_to_cpu(es->s_state);
+ sbi->s_mount_state = le16_to_cpu(es->s_state) & ~EXT4_FC_REPLAY;
sbi->s_addr_per_block_bits = ilog2(EXT4_ADDR_PER_BLOCK(sb));
sbi->s_desc_per_block_bits = ilog2(EXT4_DESC_PER_BLOCK(sb));
@@ -5998,7 +5998,8 @@ static int ext4_remount(struct super_blo
if (err)
goto restore_opts;
}
- sbi->s_mount_state = le16_to_cpu(es->s_state);
+ sbi->s_mount_state = (le16_to_cpu(es->s_state) &
+ ~EXT4_FC_REPLAY);
err = ext4_setup_super(sb, es, 0);
if (err)
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 363/452] ext4: fix bug_on in __es_tree_search
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (361 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 362/452] ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 364/452] ext4: verify dir block before splitting it Greg Kroah-Hartman
` (94 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, stable, Hulk Robot, Baokun Li,
Jan Kara, Theodore Tso
From: Baokun Li <libaokun1@huawei.com>
commit d36f6ed761b53933b0b4126486c10d3da7751e7f upstream.
Hulk Robot reported a BUG_ON:
==================================================================
kernel BUG at fs/ext4/extents_status.c:199!
[...]
RIP: 0010:ext4_es_end fs/ext4/extents_status.c:199 [inline]
RIP: 0010:__es_tree_search+0x1e0/0x260 fs/ext4/extents_status.c:217
[...]
Call Trace:
ext4_es_cache_extent+0x109/0x340 fs/ext4/extents_status.c:766
ext4_cache_extents+0x239/0x2e0 fs/ext4/extents.c:561
ext4_find_extent+0x6b7/0xa20 fs/ext4/extents.c:964
ext4_ext_map_blocks+0x16b/0x4b70 fs/ext4/extents.c:4384
ext4_map_blocks+0xe26/0x19f0 fs/ext4/inode.c:567
ext4_getblk+0x320/0x4c0 fs/ext4/inode.c:980
ext4_bread+0x2d/0x170 fs/ext4/inode.c:1031
ext4_quota_read+0x248/0x320 fs/ext4/super.c:6257
v2_read_header+0x78/0x110 fs/quota/quota_v2.c:63
v2_check_quota_file+0x76/0x230 fs/quota/quota_v2.c:82
vfs_load_quota_inode+0x5d1/0x1530 fs/quota/dquot.c:2368
dquot_enable+0x28a/0x330 fs/quota/dquot.c:2490
ext4_quota_enable fs/ext4/super.c:6137 [inline]
ext4_enable_quotas+0x5d7/0x960 fs/ext4/super.c:6163
ext4_fill_super+0xa7c9/0xdc00 fs/ext4/super.c:4754
mount_bdev+0x2e9/0x3b0 fs/super.c:1158
mount_fs+0x4b/0x1e4 fs/super.c:1261
[...]
==================================================================
Above issue may happen as follows:
-------------------------------------
ext4_fill_super
ext4_enable_quotas
ext4_quota_enable
ext4_iget
__ext4_iget
ext4_ext_check_inode
ext4_ext_check
__ext4_ext_check
ext4_valid_extent_entries
Check for overlapping extents does't take effect
dquot_enable
vfs_load_quota_inode
v2_check_quota_file
v2_read_header
ext4_quota_read
ext4_bread
ext4_getblk
ext4_map_blocks
ext4_ext_map_blocks
ext4_find_extent
ext4_cache_extents
ext4_es_cache_extent
ext4_es_cache_extent
__es_tree_search
ext4_es_end
BUG_ON(es->es_lblk + es->es_len < es->es_lblk)
The error ext4 extents is as follows:
0af3 0300 0400 0000 00000000 extent_header
00000000 0100 0000 12000000 extent1
00000000 0100 0000 18000000 extent2
02000000 0400 0000 14000000 extent3
In the ext4_valid_extent_entries function,
if prev is 0, no error is returned even if lblock<=prev.
This was intended to skip the check on the first extent, but
in the error image above, prev=0+1-1=0 when checking the second extent,
so even though lblock<=prev, the function does not return an error.
As a result, bug_ON occurs in __es_tree_search and the system panics.
To solve this problem, we only need to check that:
1. The lblock of the first extent is not less than 0.
2. The lblock of the next extent is not less than
the next block of the previous extent.
The same applies to extent_idx.
Cc: stable@kernel.org
Fixes: 5946d089379a ("ext4: check for overlapping extents in ext4_valid_extent_entries()")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Baokun Li <libaokun1@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220518120816.1541863-1-libaokun1@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/extents.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
--- a/fs/ext4/extents.c
+++ b/fs/ext4/extents.c
@@ -371,7 +371,7 @@ static int ext4_valid_extent_entries(str
{
unsigned short entries;
ext4_lblk_t lblock = 0;
- ext4_lblk_t prev = 0;
+ ext4_lblk_t cur = 0;
if (eh->eh_entries == 0)
return 1;
@@ -395,11 +395,11 @@ static int ext4_valid_extent_entries(str
/* Check for overlapping extents */
lblock = le32_to_cpu(ext->ee_block);
- if ((lblock <= prev) && prev) {
+ if (lblock < cur) {
*pblk = ext4_ext_pblock(ext);
return 0;
}
- prev = lblock + ext4_ext_get_actual_len(ext) - 1;
+ cur = lblock + ext4_ext_get_actual_len(ext);
ext++;
entries--;
}
@@ -419,13 +419,13 @@ static int ext4_valid_extent_entries(str
/* Check for overlapping index extents */
lblock = le32_to_cpu(ext_idx->ei_block);
- if ((lblock <= prev) && prev) {
+ if (lblock < cur) {
*pblk = ext4_idx_pblock(ext_idx);
return 0;
}
ext_idx++;
entries--;
- prev = lblock;
+ cur = lblock + 1;
}
}
return 1;
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 364/452] ext4: verify dir block before splitting it
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (362 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 363/452] ext4: fix bug_on in __es_tree_search Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 365/452] ext4: avoid cycles in directory h-tree Greg Kroah-Hartman
` (93 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jan Kara, Theodore Tso
From: Jan Kara <jack@suse.cz>
commit 46c116b920ebec58031f0a78c5ea9599b0d2a371 upstream.
Before splitting a directory block verify its directory entries are sane
so that the splitting code does not access memory it should not.
Cc: stable@vger.kernel.org
Signed-off-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220518093332.13986-1-jack@suse.cz
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/namei.c | 32 +++++++++++++++++++++-----------
1 file changed, 21 insertions(+), 11 deletions(-)
--- a/fs/ext4/namei.c
+++ b/fs/ext4/namei.c
@@ -280,9 +280,9 @@ static struct dx_frame *dx_probe(struct
struct dx_hash_info *hinfo,
struct dx_frame *frame);
static void dx_release(struct dx_frame *frames);
-static int dx_make_map(struct inode *dir, struct ext4_dir_entry_2 *de,
- unsigned blocksize, struct dx_hash_info *hinfo,
- struct dx_map_entry map[]);
+static int dx_make_map(struct inode *dir, struct buffer_head *bh,
+ struct dx_hash_info *hinfo,
+ struct dx_map_entry *map_tail);
static void dx_sort_map(struct dx_map_entry *map, unsigned count);
static struct ext4_dir_entry_2 *dx_move_dirents(char *from, char *to,
struct dx_map_entry *offsets, int count, unsigned blocksize);
@@ -1208,15 +1208,23 @@ static inline int search_dirblock(struct
* Create map of hash values, offsets, and sizes, stored at end of block.
* Returns number of entries mapped.
*/
-static int dx_make_map(struct inode *dir, struct ext4_dir_entry_2 *de,
- unsigned blocksize, struct dx_hash_info *hinfo,
+static int dx_make_map(struct inode *dir, struct buffer_head *bh,
+ struct dx_hash_info *hinfo,
struct dx_map_entry *map_tail)
{
int count = 0;
- char *base = (char *) de;
+ struct ext4_dir_entry_2 *de = (struct ext4_dir_entry_2 *)bh->b_data;
+ unsigned int buflen = bh->b_size;
+ char *base = bh->b_data;
struct dx_hash_info h = *hinfo;
- while ((char *) de < base + blocksize) {
+ if (ext4_has_metadata_csum(dir->i_sb))
+ buflen -= sizeof(struct ext4_dir_entry_tail);
+
+ while ((char *) de < base + buflen) {
+ if (ext4_check_dir_entry(dir, NULL, de, bh, base, buflen,
+ ((char *)de) - base))
+ return -EFSCORRUPTED;
if (de->name_len && de->inode) {
ext4fs_dirhash(dir, de->name, de->name_len, &h);
map_tail--;
@@ -1226,8 +1234,7 @@ static int dx_make_map(struct inode *dir
count++;
cond_resched();
}
- /* XXX: do we need to check rec_len == 0 case? -Chris */
- de = ext4_next_entry(de, blocksize);
+ de = ext4_next_entry(de, dir->i_sb->s_blocksize);
}
return count;
}
@@ -1853,8 +1860,11 @@ static struct ext4_dir_entry_2 *do_split
/* create map in the end of data2 block */
map = (struct dx_map_entry *) (data2 + blocksize);
- count = dx_make_map(dir, (struct ext4_dir_entry_2 *) data1,
- blocksize, hinfo, map);
+ count = dx_make_map(dir, *bh, hinfo, map);
+ if (count < 0) {
+ err = count;
+ goto journal_error;
+ }
map -= count;
dx_sort_map(map, count);
/* Ensure that neither split block is over half full */
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 365/452] ext4: avoid cycles in directory h-tree
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (363 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 364/452] ext4: verify dir block before splitting it Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 366/452] ACPI: property: Release subnode properties with data nodes Greg Kroah-Hartman
` (92 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jan Kara, Theodore Tso
From: Jan Kara <jack@suse.cz>
commit 3ba733f879c2a88910744647e41edeefbc0d92b2 upstream.
A maliciously corrupted filesystem can contain cycles in the h-tree
stored inside a directory. That can easily lead to the kernel corrupting
tree nodes that were already verified under its hands while doing a node
split and consequently accessing unallocated memory. Fix the problem by
verifying traversed block numbers are unique.
Cc: stable@vger.kernel.org
Signed-off-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220518093332.13986-2-jack@suse.cz
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/namei.c | 22 +++++++++++++++++++---
1 file changed, 19 insertions(+), 3 deletions(-)
--- a/fs/ext4/namei.c
+++ b/fs/ext4/namei.c
@@ -756,12 +756,14 @@ static struct dx_frame *
dx_probe(struct ext4_filename *fname, struct inode *dir,
struct dx_hash_info *hinfo, struct dx_frame *frame_in)
{
- unsigned count, indirect;
+ unsigned count, indirect, level, i;
struct dx_entry *at, *entries, *p, *q, *m;
struct dx_root *root;
struct dx_frame *frame = frame_in;
struct dx_frame *ret_err = ERR_PTR(ERR_BAD_DX_DIR);
u32 hash;
+ ext4_lblk_t block;
+ ext4_lblk_t blocks[EXT4_HTREE_LEVEL];
memset(frame_in, 0, EXT4_HTREE_LEVEL * sizeof(frame_in[0]));
frame->bh = ext4_read_dirblock(dir, 0, INDEX);
@@ -817,6 +819,8 @@ dx_probe(struct ext4_filename *fname, st
}
dxtrace(printk("Look up %x", hash));
+ level = 0;
+ blocks[0] = 0;
while (1) {
count = dx_get_count(entries);
if (!count || count > dx_get_limit(entries)) {
@@ -858,15 +862,27 @@ dx_probe(struct ext4_filename *fname, st
dx_get_block(at)));
frame->entries = entries;
frame->at = at;
- if (!indirect--)
+
+ block = dx_get_block(at);
+ for (i = 0; i <= level; i++) {
+ if (blocks[i] == block) {
+ ext4_warning_inode(dir,
+ "dx entry: tree cycle block %u points back to block %u",
+ blocks[level], block);
+ goto fail;
+ }
+ }
+ if (++level > indirect)
return frame;
+ blocks[level] = block;
frame++;
- frame->bh = ext4_read_dirblock(dir, dx_get_block(at), INDEX);
+ frame->bh = ext4_read_dirblock(dir, block, INDEX);
if (IS_ERR(frame->bh)) {
ret_err = (struct dx_frame *) frame->bh;
frame->bh = NULL;
goto fail;
}
+
entries = ((struct dx_node *) frame->bh->b_data)->entries;
if (dx_get_limit(entries) != dx_node_limit(dir)) {
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 366/452] ACPI: property: Release subnode properties with data nodes
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (364 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 365/452] ext4: avoid cycles in directory h-tree Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 367/452] tracing: Fix potential double free in create_var_ref() Greg Kroah-Hartman
` (91 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sakari Ailus, Andy Shevchenko,
Rafael J. Wysocki
From: Sakari Ailus <sakari.ailus@linux.intel.com>
commit 3bd561e1572ee02a50cd1a5be339abf1a5b78d56 upstream.
struct acpi_device_properties describes one source of properties present
on either struct acpi_device or struct acpi_data_node. When properties are
parsed, both are populated but when released, only those properties that
are associated with the device node are freed.
Fix this by also releasing memory of the data node properties.
Fixes: 5f5e4890d57a ("ACPI / property: Allow multiple property compatible _DSD entries")
Cc: 4.20+ <stable@vger.kernel.org> # 4.20+
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/acpi/property.c | 18 ++++++++++++------
1 file changed, 12 insertions(+), 6 deletions(-)
--- a/drivers/acpi/property.c
+++ b/drivers/acpi/property.c
@@ -433,6 +433,16 @@ void acpi_init_properties(struct acpi_de
acpi_extract_apple_properties(adev);
}
+static void acpi_free_device_properties(struct list_head *list)
+{
+ struct acpi_device_properties *props, *tmp;
+
+ list_for_each_entry_safe(props, tmp, list, list) {
+ list_del(&props->list);
+ kfree(props);
+ }
+}
+
static void acpi_destroy_nondev_subnodes(struct list_head *list)
{
struct acpi_data_node *dn, *next;
@@ -445,22 +455,18 @@ static void acpi_destroy_nondev_subnodes
wait_for_completion(&dn->kobj_done);
list_del(&dn->sibling);
ACPI_FREE((void *)dn->data.pointer);
+ acpi_free_device_properties(&dn->data.properties);
kfree(dn);
}
}
void acpi_free_properties(struct acpi_device *adev)
{
- struct acpi_device_properties *props, *tmp;
-
acpi_destroy_nondev_subnodes(&adev->data.subnodes);
ACPI_FREE((void *)adev->data.pointer);
adev->data.of_compatible = NULL;
adev->data.pointer = NULL;
- list_for_each_entry_safe(props, tmp, &adev->data.properties, list) {
- list_del(&props->list);
- kfree(props);
- }
+ acpi_free_device_properties(&adev->data.properties);
}
/**
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 367/452] tracing: Fix potential double free in create_var_ref()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (365 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 366/452] ACPI: property: Release subnode properties with data nodes Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 368/452] PCI/PM: Fix bridge_d3_blacklist[] Elo i2 overwrite of Gigabyte X299 Greg Kroah-Hartman
` (90 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Masami Hiramatsu, Tom Zanussi,
Keita Suzuki, Steven Rostedt (Google)
From: Keita Suzuki <keitasuzuki.park@sslab.ics.keio.ac.jp>
commit 99696a2592bca641eb88cc9a80c90e591afebd0f upstream.
In create_var_ref(), init_var_ref() is called to initialize the fields
of variable ref_field, which is allocated in the previous function call
to create_hist_field(). Function init_var_ref() allocates the
corresponding fields such as ref_field->system, but frees these fields
when the function encounters an error. The caller later calls
destroy_hist_field() to conduct error handling, which frees the fields
and the variable itself. This results in double free of the fields which
are already freed in the previous function.
Fix this by storing NULL to the corresponding fields when they are freed
in init_var_ref().
Link: https://lkml.kernel.org/r/20220425063739.3859998-1-keitasuzuki.park@sslab.ics.keio.ac.jp
Fixes: 067fe038e70f ("tracing: Add variable reference handling to hist triggers")
CC: stable@vger.kernel.org
Reviewed-by: Masami Hiramatsu <mhiramat@kernel.org>
Reviewed-by: Tom Zanussi <zanussi@kernel.org>
Signed-off-by: Keita Suzuki <keitasuzuki.park@sslab.ics.keio.ac.jp>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/trace_events_hist.c | 3 +++
1 file changed, 3 insertions(+)
--- a/kernel/trace/trace_events_hist.c
+++ b/kernel/trace/trace_events_hist.c
@@ -1789,8 +1789,11 @@ static int init_var_ref(struct hist_fiel
return err;
free:
kfree(ref_field->system);
+ ref_field->system = NULL;
kfree(ref_field->event_name);
+ ref_field->event_name = NULL;
kfree(ref_field->name);
+ ref_field->name = NULL;
goto out;
}
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 368/452] PCI/PM: Fix bridge_d3_blacklist[] Elo i2 overwrite of Gigabyte X299
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (366 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 367/452] tracing: Fix potential double free in create_var_ref() Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 369/452] PCI: qcom: Fix runtime PM imbalance on probe errors Greg Kroah-Hartman
` (89 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Bjorn Helgaas
From: Bjorn Helgaas <bhelgaas@google.com>
commit 12068bb346db5776d0ec9bb4cd073f8427a1ac92 upstream.
92597f97a40b ("PCI/PM: Avoid putting Elo i2 PCIe Ports in D3cold") omitted
braces around the new Elo i2 entry, so it overwrote the existing Gigabyte
X299 entry. Add the appropriate braces.
Found by:
$ make W=1 drivers/pci/pci.o
CC drivers/pci/pci.o
drivers/pci/pci.c:2974:12: error: initialized field overwritten [-Werror=override-init]
2974 | .ident = "Elo i2",
| ^~~~~~~~
Link: https://lore.kernel.org/r/20220526221258.GA409855@bhelgaas
Fixes: 92597f97a40b ("PCI/PM: Avoid putting Elo i2 PCIe Ports in D3cold")
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Cc: stable@vger.kernel.org # v5.15+
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pci/pci.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/pci/pci.c
+++ b/drivers/pci/pci.c
@@ -2829,6 +2829,8 @@ static const struct dmi_system_id bridge
DMI_MATCH(DMI_BOARD_VENDOR, "Gigabyte Technology Co., Ltd."),
DMI_MATCH(DMI_BOARD_NAME, "X299 DESIGNARE EX-CF"),
},
+ },
+ {
/*
* Downstream device is not accessible after putting a root port
* into D3cold and back into D0 on Elo i2.
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 369/452] PCI: qcom: Fix runtime PM imbalance on probe errors
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (367 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 368/452] PCI/PM: Fix bridge_d3_blacklist[] Elo i2 overwrite of Gigabyte X299 Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 370/452] PCI: qcom: Fix unbalanced PHY init " Greg Kroah-Hartman
` (88 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Johan Hovold, Lorenzo Pieralisi,
Bjorn Helgaas, Manivannan Sadhasivam, Stanimir Varbanov,
Bjorn Andersson
From: Johan Hovold <johan+linaro@kernel.org>
commit 87d83b96c8d6c6c2d2096bd0bdba73bcf42b8ef0 upstream.
Drop the leftover pm_runtime_disable() calls from the late probe error
paths that would, for example, prevent runtime PM from being reenabled
after a probe deferral.
Link: https://lore.kernel.org/r/20220401133854.10421-2-johan+linaro@kernel.org
Fixes: 6e5da6f7d824 ("PCI: qcom: Fix error handling in runtime PM support")
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Acked-by: Stanimir Varbanov <svarbanov@mm-sol.com>
Cc: stable@vger.kernel.org # 4.20
Cc: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pci/controller/dwc/pcie-qcom.c | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
--- a/drivers/pci/controller/dwc/pcie-qcom.c
+++ b/drivers/pci/controller/dwc/pcie-qcom.c
@@ -1443,17 +1443,14 @@ static int qcom_pcie_probe(struct platfo
}
ret = phy_init(pcie->phy);
- if (ret) {
- pm_runtime_disable(&pdev->dev);
+ if (ret)
goto err_pm_runtime_put;
- }
platform_set_drvdata(pdev, pcie);
ret = dw_pcie_host_init(pp);
if (ret) {
dev_err(dev, "cannot initialize host\n");
- pm_runtime_disable(&pdev->dev);
goto err_pm_runtime_put;
}
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 370/452] PCI: qcom: Fix unbalanced PHY init on probe errors
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (368 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 369/452] PCI: qcom: Fix runtime PM imbalance on probe errors Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 371/452] mm, compaction: fast_find_migrateblock() should return pfn in the target zone Greg Kroah-Hartman
` (87 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Johan Hovold, Lorenzo Pieralisi,
Bjorn Helgaas, Manivannan Sadhasivam, Stanimir Varbanov
From: Johan Hovold <johan+linaro@kernel.org>
commit 83013631f0f9961416abd812e228c8efbc2f6069 upstream.
Undo the PHY initialisation (e.g. balance runtime PM) if host
initialisation fails during probe.
Link: https://lore.kernel.org/r/20220401133854.10421-3-johan+linaro@kernel.org
Fixes: 82a823833f4e ("PCI: qcom: Add Qualcomm PCIe controller driver")
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Acked-by: Stanimir Varbanov <svarbanov@mm-sol.com>
Cc: stable@vger.kernel.org # 4.5
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pci/controller/dwc/pcie-qcom.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/pci/controller/dwc/pcie-qcom.c
+++ b/drivers/pci/controller/dwc/pcie-qcom.c
@@ -1451,11 +1451,13 @@ static int qcom_pcie_probe(struct platfo
ret = dw_pcie_host_init(pp);
if (ret) {
dev_err(dev, "cannot initialize host\n");
- goto err_pm_runtime_put;
+ goto err_phy_exit;
}
return 0;
+err_phy_exit:
+ phy_exit(pcie->phy);
err_pm_runtime_put:
pm_runtime_put(dev);
pm_runtime_disable(dev);
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 371/452] mm, compaction: fast_find_migrateblock() should return pfn in the target zone
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (369 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 370/452] PCI: qcom: Fix unbalanced PHY init " Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 372/452] s390/perf: obtain sie_block from the right address Greg Kroah-Hartman
` (86 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Rei Yamamoto, Miaohe Lin, Mel Gorman,
Oscar Salvador, Don Dutile, Wonhyuk Yang, Andrew Morton
From: Rei Yamamoto <yamamoto.rei@jp.fujitsu.com>
commit bbe832b9db2e1ad21522f8f0bf02775fff8a0e0e upstream.
At present, pages not in the target zone are added to cc->migratepages
list in isolate_migratepages_block(). As a result, pages may migrate
between nodes unintentionally.
This would be a serious problem for older kernels without commit
a984226f457f849e ("mm: memcontrol: remove the pgdata parameter of
mem_cgroup_page_lruvec"), because it can corrupt the lru list by
handling pages in list without holding proper lru_lock.
Avoid returning a pfn outside the target zone in the case that it is
not aligned with a pageblock boundary. Otherwise
isolate_migratepages_block() will handle pages not in the target zone.
Link: https://lkml.kernel.org/r/20220511044300.4069-1-yamamoto.rei@jp.fujitsu.com
Fixes: 70b44595eafe ("mm, compaction: use free lists to quickly locate a migration source")
Signed-off-by: Rei Yamamoto <yamamoto.rei@jp.fujitsu.com>
Reviewed-by: Miaohe Lin <linmiaohe@huawei.com>
Acked-by: Mel Gorman <mgorman@techsingularity.net>
Reviewed-by: Oscar Salvador <osalvador@suse.de>
Cc: Don Dutile <ddutile@redhat.com>
Cc: Wonhyuk Yang <vvghjk1234@gmail.com>
Cc: Rei Yamamoto <yamamoto.rei@jp.fujitsu.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/compaction.c | 2 ++
1 file changed, 2 insertions(+)
--- a/mm/compaction.c
+++ b/mm/compaction.c
@@ -1747,6 +1747,8 @@ static unsigned long fast_find_migratebl
update_fast_start_pfn(cc, free_pfn);
pfn = pageblock_start_pfn(free_pfn);
+ if (pfn < cc->zone->zone_start_pfn)
+ pfn = cc->zone->zone_start_pfn;
cc->fast_search_fail = 0;
found_block = true;
set_pageblock_skip(freepage);
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 372/452] s390/perf: obtain sie_block from the right address
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (370 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 371/452] mm, compaction: fast_find_migrateblock() should return pfn in the target zone Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 373/452] dlm: fix plock invalid read Greg Kroah-Hartman
` (85 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christian Borntraeger,
Claudio Imbrenda, Heiko Carstens, Nico Boehr
From: Nico Boehr <nrb@linux.ibm.com>
commit c9bfb460c3e4da2462e16b0f0b200990b36b1dd2 upstream.
Since commit 1179f170b6f0 ("s390: fix fpu restore in entry.S"), the
sie_block pointer is located at empty1[1], but in sie_block() it was
taken from empty1[0].
This leads to a random pointer being dereferenced, possibly causing
system crash.
This problem can be observed when running a simple guest with an endless
loop and recording the cpu-clock event:
sudo perf kvm --guestvmlinux=<guestkernel> --guest top -e cpu-clock
With this fix, the correct guest address is shown.
Fixes: 1179f170b6f0 ("s390: fix fpu restore in entry.S")
Cc: stable@vger.kernel.org
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Acked-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Reviewed-by: Heiko Carstens <hca@linux.ibm.com>
Signed-off-by: Nico Boehr <nrb@linux.ibm.com>
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/s390/kernel/perf_event.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/s390/kernel/perf_event.c
+++ b/arch/s390/kernel/perf_event.c
@@ -51,7 +51,7 @@ static struct kvm_s390_sie_block *sie_bl
if (!stack)
return NULL;
- return (struct kvm_s390_sie_block *) stack->empty1[0];
+ return (struct kvm_s390_sie_block *)stack->empty1[1];
}
static bool is_in_guest(struct pt_regs *regs)
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 373/452] dlm: fix plock invalid read
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (371 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 372/452] s390/perf: obtain sie_block from the right address Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 374/452] dlm: fix missing lkb refcount handling Greg Kroah-Hartman
` (84 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andreas Gruenbacher, Alexander Aring,
David Teigland
From: Alexander Aring <aahringo@redhat.com>
commit 42252d0d2aa9b94d168241710a761588b3959019 upstream.
This patch fixes an invalid read showed by KASAN. A unlock will allocate a
"struct plock_op" and a followed send_op() will append it to a global
send_list data structure. In some cases a followed dev_read() moves it
to recv_list and dev_write() will cast it to "struct plock_xop" and access
fields which are only available in those structures. At this point an
invalid read happens by accessing those fields.
To fix this issue the "callback" field is moved to "struct plock_op" to
indicate that a cast to "plock_xop" is allowed and does the additional
"plock_xop" handling if set.
Example of the KASAN output which showed the invalid read:
[ 2064.296453] ==================================================================
[ 2064.304852] BUG: KASAN: slab-out-of-bounds in dev_write+0x52b/0x5a0 [dlm]
[ 2064.306491] Read of size 8 at addr ffff88800ef227d8 by task dlm_controld/7484
[ 2064.308168]
[ 2064.308575] CPU: 0 PID: 7484 Comm: dlm_controld Kdump: loaded Not tainted 5.14.0+ #9
[ 2064.310292] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 2064.311618] Call Trace:
[ 2064.312218] dump_stack_lvl+0x56/0x7b
[ 2064.313150] print_address_description.constprop.8+0x21/0x150
[ 2064.314578] ? dev_write+0x52b/0x5a0 [dlm]
[ 2064.315610] ? dev_write+0x52b/0x5a0 [dlm]
[ 2064.316595] kasan_report.cold.14+0x7f/0x11b
[ 2064.317674] ? dev_write+0x52b/0x5a0 [dlm]
[ 2064.318687] dev_write+0x52b/0x5a0 [dlm]
[ 2064.319629] ? dev_read+0x4a0/0x4a0 [dlm]
[ 2064.320713] ? bpf_lsm_kernfs_init_security+0x10/0x10
[ 2064.321926] vfs_write+0x17e/0x930
[ 2064.322769] ? __fget_light+0x1aa/0x220
[ 2064.323753] ksys_write+0xf1/0x1c0
[ 2064.324548] ? __ia32_sys_read+0xb0/0xb0
[ 2064.325464] do_syscall_64+0x3a/0x80
[ 2064.326387] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2064.327606] RIP: 0033:0x7f807e4ba96f
[ 2064.328470] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 39 87 f8 ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 87 f8 ff 48
[ 2064.332902] RSP: 002b:00007ffd50cfe6e0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 2064.334658] RAX: ffffffffffffffda RBX: 000055cc3886eb30 RCX: 00007f807e4ba96f
[ 2064.336275] RDX: 0000000000000040 RSI: 00007ffd50cfe7e0 RDI: 0000000000000010
[ 2064.337980] RBP: 00007ffd50cfe7e0 R08: 0000000000000000 R09: 0000000000000001
[ 2064.339560] R10: 000055cc3886eb30 R11: 0000000000000293 R12: 000055cc3886eb80
[ 2064.341237] R13: 000055cc3886eb00 R14: 000055cc3886f590 R15: 0000000000000001
[ 2064.342857]
[ 2064.343226] Allocated by task 12438:
[ 2064.344057] kasan_save_stack+0x1c/0x40
[ 2064.345079] __kasan_kmalloc+0x84/0xa0
[ 2064.345933] kmem_cache_alloc_trace+0x13b/0x220
[ 2064.346953] dlm_posix_unlock+0xec/0x720 [dlm]
[ 2064.348811] do_lock_file_wait.part.32+0xca/0x1d0
[ 2064.351070] fcntl_setlk+0x281/0xbc0
[ 2064.352879] do_fcntl+0x5e4/0xfe0
[ 2064.354657] __x64_sys_fcntl+0x11f/0x170
[ 2064.356550] do_syscall_64+0x3a/0x80
[ 2064.358259] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2064.360745]
[ 2064.361511] Last potentially related work creation:
[ 2064.363957] kasan_save_stack+0x1c/0x40
[ 2064.365811] __kasan_record_aux_stack+0xaf/0xc0
[ 2064.368100] call_rcu+0x11b/0xf70
[ 2064.369785] dlm_process_incoming_buffer+0x47d/0xfd0 [dlm]
[ 2064.372404] receive_from_sock+0x290/0x770 [dlm]
[ 2064.374607] process_recv_sockets+0x32/0x40 [dlm]
[ 2064.377290] process_one_work+0x9a8/0x16e0
[ 2064.379357] worker_thread+0x87/0xbf0
[ 2064.381188] kthread+0x3ac/0x490
[ 2064.383460] ret_from_fork+0x22/0x30
[ 2064.385588]
[ 2064.386518] Second to last potentially related work creation:
[ 2064.389219] kasan_save_stack+0x1c/0x40
[ 2064.391043] __kasan_record_aux_stack+0xaf/0xc0
[ 2064.393303] call_rcu+0x11b/0xf70
[ 2064.394885] dlm_process_incoming_buffer+0x47d/0xfd0 [dlm]
[ 2064.397694] receive_from_sock+0x290/0x770 [dlm]
[ 2064.399932] process_recv_sockets+0x32/0x40 [dlm]
[ 2064.402180] process_one_work+0x9a8/0x16e0
[ 2064.404388] worker_thread+0x87/0xbf0
[ 2064.406124] kthread+0x3ac/0x490
[ 2064.408021] ret_from_fork+0x22/0x30
[ 2064.409834]
[ 2064.410599] The buggy address belongs to the object at ffff88800ef22780
[ 2064.410599] which belongs to the cache kmalloc-96 of size 96
[ 2064.416495] The buggy address is located 88 bytes inside of
[ 2064.416495] 96-byte region [ffff88800ef22780, ffff88800ef227e0)
[ 2064.422045] The buggy address belongs to the page:
[ 2064.424635] page:00000000b6bef8bc refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xef22
[ 2064.428970] flags: 0xfffffc0000200(slab|node=0|zone=1|lastcpupid=0x1fffff)
[ 2064.432515] raw: 000fffffc0000200 ffffea0000d68b80 0000001400000014 ffff888001041780
[ 2064.436110] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[ 2064.439813] page dumped because: kasan: bad access detected
[ 2064.442548]
[ 2064.443310] Memory state around the buggy address:
[ 2064.445988] ffff88800ef22680: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 2064.449444] ffff88800ef22700: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 2064.452941] >ffff88800ef22780: 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc
[ 2064.456383] ^
[ 2064.459386] ffff88800ef22800: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[ 2064.462788] ffff88800ef22880: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 2064.466239] ==================================================================
reproducer in python:
import argparse
import struct
import fcntl
import os
parser = argparse.ArgumentParser()
parser.add_argument('-f', '--file',
help='file to use fcntl, must be on dlm lock filesystem e.g. gfs2')
args = parser.parse_args()
f = open(args.file, 'wb+')
lockdata = struct.pack('hhllhh', fcntl.F_WRLCK,0,0,0,0,0)
fcntl.fcntl(f, fcntl.F_SETLK, lockdata)
lockdata = struct.pack('hhllhh', fcntl.F_UNLCK,0,0,0,0,0)
fcntl.fcntl(f, fcntl.F_SETLK, lockdata)
Fixes: 586759f03e2e ("gfs2: nfs lock support for gfs2")
Cc: stable@vger.kernel.org
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Alexander Aring <aahringo@redhat.com>
Signed-off-by: David Teigland <teigland@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/dlm/plock.c | 12 +++++-------
1 file changed, 5 insertions(+), 7 deletions(-)
--- a/fs/dlm/plock.c
+++ b/fs/dlm/plock.c
@@ -23,11 +23,11 @@ struct plock_op {
struct list_head list;
int done;
struct dlm_plock_info info;
+ int (*callback)(struct file_lock *fl, int result);
};
struct plock_xop {
struct plock_op xop;
- int (*callback)(struct file_lock *fl, int result);
void *fl;
void *file;
struct file_lock flc;
@@ -129,19 +129,18 @@ int dlm_posix_lock(dlm_lockspace_t *lock
/* fl_owner is lockd which doesn't distinguish
processes on the nfs client */
op->info.owner = (__u64) fl->fl_pid;
- xop->callback = fl->fl_lmops->lm_grant;
+ op->callback = fl->fl_lmops->lm_grant;
locks_init_lock(&xop->flc);
locks_copy_lock(&xop->flc, fl);
xop->fl = fl;
xop->file = file;
} else {
op->info.owner = (__u64)(long) fl->fl_owner;
- xop->callback = NULL;
}
send_op(op);
- if (xop->callback == NULL) {
+ if (!op->callback) {
rv = wait_event_interruptible(recv_wq, (op->done != 0));
if (rv == -ERESTARTSYS) {
log_debug(ls, "dlm_posix_lock: wait killed %llx",
@@ -203,7 +202,7 @@ static int dlm_plock_callback(struct plo
file = xop->file;
flc = &xop->flc;
fl = xop->fl;
- notify = xop->callback;
+ notify = op->callback;
if (op->info.rv) {
notify(fl, op->info.rv);
@@ -436,10 +435,9 @@ static ssize_t dev_write(struct file *fi
if (op->info.fsid == info.fsid &&
op->info.number == info.number &&
op->info.owner == info.owner) {
- struct plock_xop *xop = (struct plock_xop *)op;
list_del_init(&op->list);
memcpy(&op->info, &info, sizeof(info));
- if (xop->callback)
+ if (op->callback)
do_callback = 1;
else
op->done = 1;
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 374/452] dlm: fix missing lkb refcount handling
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (372 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 373/452] dlm: fix plock invalid read Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 375/452] ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock Greg Kroah-Hartman
` (83 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Alexander Aring, David Teigland
From: Alexander Aring <aahringo@redhat.com>
commit 1689c169134f4b5a39156122d799b7dca76d8ddb upstream.
We always call hold_lkb(lkb) if we increment lkb->lkb_wait_count.
So, we always need to call unhold_lkb(lkb) if we decrement
lkb->lkb_wait_count. This patch will add missing unhold_lkb(lkb) if we
decrement lkb->lkb_wait_count. In case of setting lkb->lkb_wait_count to
zero we need to countdown until reaching zero and call unhold_lkb(lkb).
The waiters list unhold_lkb(lkb) can be removed because it's done for
the last lkb_wait_count decrement iteration as it's done in
_remove_from_waiters().
This issue was discovered by a dlm gfs2 test case which use excessively
dlm_unlock(LKF_CANCEL) feature. Probably the lkb->lkb_wait_count value
never reached above 1 if this feature isn't used and so it was not
discovered before.
The testcase ended in a rsb on the rsb keep data structure with a
refcount of 1 but no lkb was associated with it, which is itself
an invalid behaviour. A side effect of that was a condition in which
the dlm was sending remove messages in a looping behaviour. With this
patch that has not been reproduced.
Cc: stable@vger.kernel.org
Signed-off-by: Alexander Aring <aahringo@redhat.com>
Signed-off-by: David Teigland <teigland@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/dlm/lock.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
--- a/fs/dlm/lock.c
+++ b/fs/dlm/lock.c
@@ -1551,6 +1551,7 @@ static int _remove_from_waiters(struct d
lkb->lkb_wait_type = 0;
lkb->lkb_flags &= ~DLM_IFL_OVERLAP_CANCEL;
lkb->lkb_wait_count--;
+ unhold_lkb(lkb);
goto out_del;
}
@@ -1577,6 +1578,7 @@ static int _remove_from_waiters(struct d
log_error(ls, "remwait error %x reply %d wait_type %d overlap",
lkb->lkb_id, mstype, lkb->lkb_wait_type);
lkb->lkb_wait_count--;
+ unhold_lkb(lkb);
lkb->lkb_wait_type = 0;
}
@@ -5312,11 +5314,16 @@ int dlm_recover_waiters_post(struct dlm_
lkb->lkb_flags &= ~DLM_IFL_OVERLAP_UNLOCK;
lkb->lkb_flags &= ~DLM_IFL_OVERLAP_CANCEL;
lkb->lkb_wait_type = 0;
- lkb->lkb_wait_count = 0;
+ /* drop all wait_count references we still
+ * hold a reference for this iteration.
+ */
+ while (lkb->lkb_wait_count) {
+ lkb->lkb_wait_count--;
+ unhold_lkb(lkb);
+ }
mutex_lock(&ls->ls_waiters_mutex);
list_del_init(&lkb->lkb_wait_reply);
mutex_unlock(&ls->ls_waiters_mutex);
- unhold_lkb(lkb); /* for waiters list */
if (oc || ou) {
/* do an unlock or cancel instead of resending */
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 375/452] ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (373 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 374/452] dlm: fix missing lkb refcount handling Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 376/452] scsi: dc395x: Fix a missing check on list iterator Greg Kroah-Hartman
` (82 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Junxiao Bi, Joseph Qi, Mark Fasheh,
Joel Becker, Joseph Qi, Changwei Ge, Gang He, Jun Piao,
Andrew Morton
From: Junxiao Bi via Ocfs2-devel <ocfs2-devel@oss.oracle.com>
commit 863e0d81b6683c4cbc588ad831f560c90e494bef upstream.
When user_dlm_destroy_lock failed, it didn't clean up the flags it set
before exit. For USER_LOCK_IN_TEARDOWN, if this function fails because of
lock is still in used, next time when unlink invokes this function, it
will return succeed, and then unlink will remove inode and dentry if lock
is not in used(file closed), but the dlm lock is still linked in dlm lock
resource, then when bast come in, it will trigger a panic due to
user-after-free. See the following panic call trace. To fix this,
USER_LOCK_IN_TEARDOWN should be reverted if fail. And also error should
be returned if USER_LOCK_IN_TEARDOWN is set to let user know that unlink
fail.
For the case of ocfs2_dlm_unlock failure, besides USER_LOCK_IN_TEARDOWN,
USER_LOCK_BUSY is also required to be cleared. Even though spin lock is
released in between, but USER_LOCK_IN_TEARDOWN is still set, for
USER_LOCK_BUSY, if before every place that waits on this flag,
USER_LOCK_IN_TEARDOWN is checked to bail out, that will make sure no flow
waits on the busy flag set by user_dlm_destroy_lock(), then we can
simplely revert USER_LOCK_BUSY when ocfs2_dlm_unlock fails. Fix
user_dlm_cluster_lock() which is the only function not following this.
[ 941.336392] (python,26174,16):dlmfs_unlink:562 ERROR: unlink
004fb0000060000b5a90b8c847b72e1, error -16 from destroy
[ 989.757536] ------------[ cut here ]------------
[ 989.757709] kernel BUG at fs/ocfs2/dlmfs/userdlm.c:173!
[ 989.757876] invalid opcode: 0000 [#1] SMP
[ 989.758027] Modules linked in: ksplice_2zhuk2jr_ib_ipoib_new(O)
ksplice_2zhuk2jr(O) mptctl mptbase xen_netback xen_blkback xen_gntalloc
xen_gntdev xen_evtchn cdc_ether usbnet mii ocfs2 jbd2 rpcsec_gss_krb5
auth_rpcgss nfsv4 nfsv3 nfs_acl nfs fscache lockd grace ocfs2_dlmfs
ocfs2_stack_o2cb ocfs2_dlm ocfs2_nodemanager ocfs2_stackglue configfs bnx2fc
fcoe libfcoe libfc scsi_transport_fc sunrpc ipmi_devintf bridge stp llc
rds_rdma rds bonding ib_sdp ib_ipoib rdma_ucm ib_ucm ib_uverbs ib_umad
rdma_cm ib_cm iw_cm falcon_lsm_serviceable(PE) falcon_nf_netcontain(PE)
mlx4_vnic falcon_kal(E) falcon_lsm_pinned_13402(E) mlx4_ib ib_sa ib_mad
ib_core ib_addr xenfs xen_privcmd dm_multipath iTCO_wdt iTCO_vendor_support
pcspkr sb_edac edac_core i2c_i801 lpc_ich mfd_core ipmi_ssif i2c_core ipmi_si
ipmi_msghandler
[ 989.760686] ioatdma sg ext3 jbd mbcache sd_mod ahci libahci ixgbe dca ptp
pps_core vxlan udp_tunnel ip6_udp_tunnel megaraid_sas mlx4_core crc32c_intel
be2iscsi bnx2i cnic uio cxgb4i cxgb4 cxgb3i libcxgbi ipv6 cxgb3 mdio
libiscsi_tcp qla4xxx iscsi_boot_sysfs libiscsi scsi_transport_iscsi wmi
dm_mirror dm_region_hash dm_log dm_mod [last unloaded:
ksplice_2zhuk2jr_ib_ipoib_old]
[ 989.761987] CPU: 10 PID: 19102 Comm: dlm_thread Tainted: P OE
4.1.12-124.57.1.el6uek.x86_64 #2
[ 989.762290] Hardware name: Oracle Corporation ORACLE SERVER
X5-2/ASM,MOTHERBOARD,1U, BIOS 30350100 06/17/2021
[ 989.762599] task: ffff880178af6200 ti: ffff88017f7c8000 task.ti:
ffff88017f7c8000
[ 989.762848] RIP: e030:[<ffffffffc07d4316>] [<ffffffffc07d4316>]
__user_dlm_queue_lockres.part.4+0x76/0x80 [ocfs2_dlmfs]
[ 989.763185] RSP: e02b:ffff88017f7cbcb8 EFLAGS: 00010246
[ 989.763353] RAX: 0000000000000000 RBX: ffff880174d48008 RCX:
0000000000000003
[ 989.763565] RDX: 0000000000120012 RSI: 0000000000000003 RDI:
ffff880174d48170
[ 989.763778] RBP: ffff88017f7cbcc8 R08: ffff88021f4293b0 R09:
0000000000000000
[ 989.763991] R10: ffff880179c8c000 R11: 0000000000000003 R12:
ffff880174d48008
[ 989.764204] R13: 0000000000000003 R14: ffff880179c8c000 R15:
ffff88021db7a000
[ 989.764422] FS: 0000000000000000(0000) GS:ffff880247480000(0000)
knlGS:ffff880247480000
[ 989.764685] CS: e033 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 989.764865] CR2: ffff8000007f6800 CR3: 0000000001ae0000 CR4:
0000000000042660
[ 989.765081] Stack:
[ 989.765167] 0000000000000003 ffff880174d48040 ffff88017f7cbd18
ffffffffc07d455f
[ 989.765442] ffff88017f7cbd88 ffffffff816fb639 ffff88017f7cbd38
ffff8800361b5600
[ 989.765717] ffff88021db7a000 ffff88021f429380 0000000000000003
ffffffffc0453020
[ 989.765991] Call Trace:
[ 989.766093] [<ffffffffc07d455f>] user_bast+0x5f/0xf0 [ocfs2_dlmfs]
[ 989.766287] [<ffffffff816fb639>] ? schedule_timeout+0x169/0x2d0
[ 989.766475] [<ffffffffc0453020>] ? o2dlm_lock_ast_wrapper+0x20/0x20
[ocfs2_stack_o2cb]
[ 989.766738] [<ffffffffc045303a>] o2dlm_blocking_ast_wrapper+0x1a/0x20
[ocfs2_stack_o2cb]
[ 989.767010] [<ffffffffc0864ec6>] dlm_do_local_bast+0x46/0xe0 [ocfs2_dlm]
[ 989.767217] [<ffffffffc084f5cc>] ? dlm_lockres_calc_usage+0x4c/0x60
[ocfs2_dlm]
[ 989.767466] [<ffffffffc08501f1>] dlm_thread+0xa31/0x1140 [ocfs2_dlm]
[ 989.767662] [<ffffffff816f78da>] ? __schedule+0x24a/0x810
[ 989.767834] [<ffffffff816f78ce>] ? __schedule+0x23e/0x810
[ 989.768006] [<ffffffff816f78da>] ? __schedule+0x24a/0x810
[ 989.768178] [<ffffffff816f78ce>] ? __schedule+0x23e/0x810
[ 989.768349] [<ffffffff816f78da>] ? __schedule+0x24a/0x810
[ 989.768521] [<ffffffff816f78ce>] ? __schedule+0x23e/0x810
[ 989.768693] [<ffffffff816f78da>] ? __schedule+0x24a/0x810
[ 989.768893] [<ffffffff816f78ce>] ? __schedule+0x23e/0x810
[ 989.769067] [<ffffffff816f78da>] ? __schedule+0x24a/0x810
[ 989.769241] [<ffffffff810ce4d0>] ? wait_woken+0x90/0x90
[ 989.769411] [<ffffffffc084f7c0>] ? dlm_kick_thread+0x80/0x80 [ocfs2_dlm]
[ 989.769617] [<ffffffff810a8bbb>] kthread+0xcb/0xf0
[ 989.769774] [<ffffffff816f78da>] ? __schedule+0x24a/0x810
[ 989.769945] [<ffffffff816f78da>] ? __schedule+0x24a/0x810
[ 989.770117] [<ffffffff810a8af0>] ? kthread_create_on_node+0x180/0x180
[ 989.770321] [<ffffffff816fdaa1>] ret_from_fork+0x61/0x90
[ 989.770492] [<ffffffff810a8af0>] ? kthread_create_on_node+0x180/0x180
[ 989.770689] Code: d0 00 00 00 f0 45 7d c0 bf 00 20 00 00 48 89 83 c0 00 00
00 48 89 83 c8 00 00 00 e8 55 c1 8c c0 83 4b 04 10 48 83 c4 08 5b 5d c3 <0f>
0b 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 55 41 54 53 48 83
[ 989.771892] RIP [<ffffffffc07d4316>]
__user_dlm_queue_lockres.part.4+0x76/0x80 [ocfs2_dlmfs]
[ 989.772174] RSP <ffff88017f7cbcb8>
[ 989.772704] ---[ end trace ebd1e38cebcc93a8 ]---
[ 989.772907] Kernel panic - not syncing: Fatal exception
[ 989.773173] Kernel Offset: disabled
Link: https://lkml.kernel.org/r/20220518235224.87100-2-junxiao.bi@oracle.com
Signed-off-by: Junxiao Bi <junxiao.bi@oracle.com>
Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com>
Cc: Mark Fasheh <mark@fasheh.com>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Joseph Qi <jiangqi903@gmail.com>
Cc: Changwei Ge <gechangwei@live.cn>
Cc: Gang He <ghe@suse.com>
Cc: Jun Piao <piaojun@huawei.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ocfs2/dlmfs/userdlm.c | 16 +++++++++++++++-
1 file changed, 15 insertions(+), 1 deletion(-)
--- a/fs/ocfs2/dlmfs/userdlm.c
+++ b/fs/ocfs2/dlmfs/userdlm.c
@@ -435,6 +435,11 @@ again:
}
spin_lock(&lockres->l_lock);
+ if (lockres->l_flags & USER_LOCK_IN_TEARDOWN) {
+ spin_unlock(&lockres->l_lock);
+ status = -EAGAIN;
+ goto bail;
+ }
/* We only compare against the currently granted level
* here. If the lock is blocked waiting on a downconvert,
@@ -597,7 +602,7 @@ int user_dlm_destroy_lock(struct user_lo
spin_lock(&lockres->l_lock);
if (lockres->l_flags & USER_LOCK_IN_TEARDOWN) {
spin_unlock(&lockres->l_lock);
- return 0;
+ goto bail;
}
lockres->l_flags |= USER_LOCK_IN_TEARDOWN;
@@ -611,12 +616,17 @@ int user_dlm_destroy_lock(struct user_lo
}
if (lockres->l_ro_holders || lockres->l_ex_holders) {
+ lockres->l_flags &= ~USER_LOCK_IN_TEARDOWN;
spin_unlock(&lockres->l_lock);
goto bail;
}
status = 0;
if (!(lockres->l_flags & USER_LOCK_ATTACHED)) {
+ /*
+ * lock is never requested, leave USER_LOCK_IN_TEARDOWN set
+ * to avoid new lock request coming in.
+ */
spin_unlock(&lockres->l_lock);
goto bail;
}
@@ -627,6 +637,10 @@ int user_dlm_destroy_lock(struct user_lo
status = ocfs2_dlm_unlock(conn, &lockres->l_lksb, DLM_LKF_VALBLK);
if (status) {
+ spin_lock(&lockres->l_lock);
+ lockres->l_flags &= ~USER_LOCK_IN_TEARDOWN;
+ lockres->l_flags &= ~USER_LOCK_BUSY;
+ spin_unlock(&lockres->l_lock);
user_log_dlm_error("ocfs2_dlm_unlock", status, lockres);
goto bail;
}
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 376/452] scsi: dc395x: Fix a missing check on list iterator
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (374 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 375/452] ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 377/452] scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled Greg Kroah-Hartman
` (81 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Xiaomeng Tong, Martin K. Petersen
From: Xiaomeng Tong <xiam0nd.tong@gmail.com>
commit 036a45aa587a10fa2abbd50fbd0f6c4cfc44f69f upstream.
The bug is here:
p->target_id, p->target_lun);
The list iterator 'p' will point to a bogus position containing HEAD if the
list is empty or no element is found. This case must be checked before any
use of the iterator, otherwise it will lead to an invalid memory access.
To fix this bug, add a check. Use a new variable 'iter' as the list
iterator, and use the original variable 'p' as a dedicated pointer to point
to the found element.
Link: https://lore.kernel.org/r/20220414040231.2662-1-xiam0nd.tong@gmail.com
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Cc: stable@vger.kernel.org
Signed-off-by: Xiaomeng Tong <xiam0nd.tong@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/dc395x.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
--- a/drivers/scsi/dc395x.c
+++ b/drivers/scsi/dc395x.c
@@ -3631,10 +3631,19 @@ static struct DeviceCtlBlk *device_alloc
#endif
if (dcb->target_lun != 0) {
/* Copy settings */
- struct DeviceCtlBlk *p;
- list_for_each_entry(p, &acb->dcb_list, list)
- if (p->target_id == dcb->target_id)
+ struct DeviceCtlBlk *p = NULL, *iter;
+
+ list_for_each_entry(iter, &acb->dcb_list, list)
+ if (iter->target_id == dcb->target_id) {
+ p = iter;
break;
+ }
+
+ if (!p) {
+ kfree(dcb);
+ return NULL;
+ }
+
dprintkdbg(DBG_1,
"device_alloc: <%02i-%i> copy from <%02i-%i>\n",
dcb->target_id, dcb->target_lun,
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 377/452] scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (375 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 376/452] scsi: dc395x: Fix a missing check on list iterator Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 378/452] drm/amdgpu/cs: make commands with 0 chunks illegal behaviour Greg Kroah-Hartman
` (80 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bjorn Andersson,
Manivannan Sadhasivam, Martin K. Petersen
From: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
commit 8eecddfca30e1651dc1c74531ed5eef21dcce7e3 upstream.
In ufs_qcom_dev_ref_clk_ctrl(), it was noted that the ref_clk needs to be
stable for at least 1us. Even though there is wmb() to make sure the write
gets "completed", there is no guarantee that the write actually reached the
UFS device. There is a good chance that the write could be stored in a
Write Buffer (WB). In that case, even though the CPU waits for 1us, the
ref_clk might not be stable for that period.
So lets do a readl() to make sure that the previous write has reached the
UFS device before udelay().
Also, the wmb() after writel_relaxed() is not really needed. Both writel()
and readl() are ordered on all architectures and the CPU won't speculate
instructions after readl() due to the in-built control dependency with read
value on weakly ordered architectures. So it can be safely removed.
Link: https://lore.kernel.org/r/20220504084212.11605-4-manivannan.sadhasivam@linaro.org
Fixes: f06fcc7155dc ("scsi: ufs-qcom: add QUniPro hardware support and power optimizations")
Cc: stable@vger.kernel.org
Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/ufs/ufs-qcom.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
--- a/drivers/scsi/ufs/ufs-qcom.c
+++ b/drivers/scsi/ufs/ufs-qcom.c
@@ -664,8 +664,11 @@ static void ufs_qcom_dev_ref_clk_ctrl(st
writel_relaxed(temp, host->dev_ref_clk_ctrl_mmio);
- /* ensure that ref_clk is enabled/disabled before we return */
- wmb();
+ /*
+ * Make sure the write to ref_clk reaches the destination and
+ * not stored in a Write Buffer (WB).
+ */
+ readl(host->dev_ref_clk_ctrl_mmio);
/*
* If we call hibern8 exit after this, we need to make sure that
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 378/452] drm/amdgpu/cs: make commands with 0 chunks illegal behaviour.
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (376 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 377/452] scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 379/452] drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem Greg Kroah-Hartman
` (79 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Dave Airlie, Alex Deucher
From: Dave Airlie <airlied@redhat.com>
commit 31ab27b14daaa75541a415c6794d6f3567fea44a upstream.
Submitting a cs with 0 chunks, causes an oops later, found trying
to execute the wrong userspace driver.
MESA_LOADER_DRIVER_OVERRIDE=v3d glxinfo
[172536.665184] BUG: kernel NULL pointer dereference, address: 00000000000001d8
[172536.665188] #PF: supervisor read access in kernel mode
[172536.665189] #PF: error_code(0x0000) - not-present page
[172536.665191] PGD 6712a0067 P4D 6712a0067 PUD 5af9ff067 PMD 0
[172536.665195] Oops: 0000 [#1] SMP NOPTI
[172536.665197] CPU: 7 PID: 2769838 Comm: glxinfo Tainted: P O 5.10.81 #1-NixOS
[172536.665199] Hardware name: To be filled by O.E.M. To be filled by O.E.M./CROSSHAIR V FORMULA-Z, BIOS 2201 03/23/2015
[172536.665272] RIP: 0010:amdgpu_cs_ioctl+0x96/0x1ce0 [amdgpu]
[172536.665274] Code: 75 18 00 00 4c 8b b2 88 00 00 00 8b 46 08 48 89 54 24 68 49 89 f7 4c 89 5c 24 60 31 d2 4c 89 74 24 30 85 c0 0f 85 c0 01 00 00 <48> 83 ba d8 01 00 00 00 48 8b b4 24 90 00 00 00 74 16 48 8b 46 10
[172536.665276] RSP: 0018:ffffb47c0e81bbe0 EFLAGS: 00010246
[172536.665277] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[172536.665278] RDX: 0000000000000000 RSI: ffffb47c0e81be28 RDI: ffffb47c0e81bd68
[172536.665279] RBP: ffff936524080010 R08: 0000000000000000 R09: ffffb47c0e81be38
[172536.665281] R10: ffff936524080010 R11: ffff936524080000 R12: ffffb47c0e81bc40
[172536.665282] R13: ffffb47c0e81be28 R14: ffff9367bc410000 R15: ffffb47c0e81be28
[172536.665283] FS: 00007fe35e05d740(0000) GS:ffff936c1edc0000(0000) knlGS:0000000000000000
[172536.665284] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[172536.665286] CR2: 00000000000001d8 CR3: 0000000532e46000 CR4: 00000000000406e0
[172536.665287] Call Trace:
[172536.665322] ? amdgpu_cs_find_mapping+0x110/0x110 [amdgpu]
[172536.665332] drm_ioctl_kernel+0xaa/0xf0 [drm]
[172536.665338] drm_ioctl+0x201/0x3b0 [drm]
[172536.665369] ? amdgpu_cs_find_mapping+0x110/0x110 [amdgpu]
[172536.665372] ? selinux_file_ioctl+0x135/0x230
[172536.665399] amdgpu_drm_ioctl+0x49/0x80 [amdgpu]
[172536.665403] __x64_sys_ioctl+0x83/0xb0
[172536.665406] do_syscall_64+0x33/0x40
[172536.665409] entry_SYSCALL_64_after_hwframe+0x44/0xa9
Bug: https://gitlab.freedesktop.org/drm/amd/-/issues/2018
Signed-off-by: Dave Airlie <airlied@redhat.com>
Cc: stable@vger.kernel.org
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
@@ -116,7 +116,7 @@ static int amdgpu_cs_parser_init(struct
int ret;
if (cs->in.num_chunks == 0)
- return 0;
+ return -EINVAL;
chunk_array = kmalloc_array(cs->in.num_chunks, sizeof(uint64_t), GFP_KERNEL);
if (!chunk_array)
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 379/452] drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (377 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 378/452] drm/amdgpu/cs: make commands with 0 chunks illegal behaviour Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 380/452] drm/nouveau/clk: Fix an incorrect NULL check on list iterator Greg Kroah-Hartman
` (78 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lucas Stach, Philipp Zabel,
Guido Günther
From: Lucas Stach <l.stach@pengutronix.de>
commit e168c25526cd0368af098095c2ded4a008007e1b upstream.
When the mapping is already reaped the unmap must be a no-op, as we
would otherwise try to remove the mapping twice, corrupting the involved
data structures.
Cc: stable@vger.kernel.org # 5.4
Signed-off-by: Lucas Stach <l.stach@pengutronix.de>
Reviewed-by: Philipp Zabel <p.zabel@pengutronix.de>
Tested-by: Guido Günther <agx@sigxcpu.org>
Acked-by: Guido Günther <agx@sigxcpu.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/etnaviv/etnaviv_mmu.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/drivers/gpu/drm/etnaviv/etnaviv_mmu.c
+++ b/drivers/gpu/drm/etnaviv/etnaviv_mmu.c
@@ -282,6 +282,12 @@ void etnaviv_iommu_unmap_gem(struct etna
mutex_lock(&context->lock);
+ /* Bail if the mapping has been reaped by another thread */
+ if (!mapping->context) {
+ mutex_unlock(&context->lock);
+ return;
+ }
+
/* If the vram node is on the mm, unmap and remove the node */
if (mapping->vram_node.mm == &context->mm)
etnaviv_iommu_remove_mapping(context, mapping);
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 380/452] drm/nouveau/clk: Fix an incorrect NULL check on list iterator
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (378 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 379/452] drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 381/452] drm/nouveau/kms/nv50-: atom: fix " Greg Kroah-Hartman
` (77 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Xiaomeng Tong, Lyude Paul
From: Xiaomeng Tong <xiam0nd.tong@gmail.com>
commit 1c3b2a27def609473ed13b1cd668cb10deab49b4 upstream.
The bug is here:
if (nvkm_cstate_valid(clk, cstate, max_volt, clk->temp))
return cstate;
The list iterator value 'cstate' will *always* be set and non-NULL
by list_for_each_entry_from_reverse(), so it is incorrect to assume
that the iterator value will be unchanged if the list is empty or no
element is found (In fact, it will be a bogus pointer to an invalid
structure object containing the HEAD). Also it missed a NULL check
at callsite and may lead to invalid memory access after that.
To fix this bug, just return 'encoder' when found, otherwise return
NULL. And add the NULL check.
Cc: stable@vger.kernel.org
Fixes: 1f7f3d91ad38a ("drm/nouveau/clk: Respect voltage limits in nvkm_cstate_prog")
Signed-off-by: Xiaomeng Tong <xiam0nd.tong@gmail.com>
Reviewed-by: Lyude Paul <lyude@redhat.com>
Signed-off-by: Lyude Paul <lyude@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20220327075824.11806-1-xiam0nd.tong@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/nouveau/nvkm/subdev/clk/base.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/drivers/gpu/drm/nouveau/nvkm/subdev/clk/base.c
+++ b/drivers/gpu/drm/nouveau/nvkm/subdev/clk/base.c
@@ -135,10 +135,10 @@ nvkm_cstate_find_best(struct nvkm_clk *c
list_for_each_entry_from_reverse(cstate, &pstate->list, head) {
if (nvkm_cstate_valid(clk, cstate, max_volt, clk->temp))
- break;
+ return cstate;
}
- return cstate;
+ return NULL;
}
static struct nvkm_cstate *
@@ -169,6 +169,8 @@ nvkm_cstate_prog(struct nvkm_clk *clk, s
if (!list_empty(&pstate->list)) {
cstate = nvkm_cstate_get(clk, pstate, cstatei);
cstate = nvkm_cstate_find_best(clk, pstate, cstate);
+ if (!cstate)
+ return -EINVAL;
} else {
cstate = &pstate->base;
}
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 381/452] drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list iterator
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (379 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 380/452] drm/nouveau/clk: Fix an incorrect NULL check on list iterator Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 382/452] drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX Greg Kroah-Hartman
` (76 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Xiaomeng Tong, Lyude Paul
From: Xiaomeng Tong <xiam0nd.tong@gmail.com>
commit 6ce4431c7ba7954c4fa6a96ce16ca1b2943e1a83 upstream.
The bug is here:
return encoder;
The list iterator value 'encoder' will *always* be set and non-NULL
by drm_for_each_encoder_mask(), so it is incorrect to assume that the
iterator value will be NULL if the list is empty or no element found.
Otherwise it will bypass some NULL checks and lead to invalid memory
access passing the check.
To fix this bug, just return 'encoder' when found, otherwise return
NULL.
Cc: stable@vger.kernel.org
Fixes: 12885ecbfe62d ("drm/nouveau/kms/nvd9-: Add CRC support")
Signed-off-by: Xiaomeng Tong <xiam0nd.tong@gmail.com>
Reviewed-by: Lyude Paul <lyude@redhat.com>
[Changed commit title]
Signed-off-by: Lyude Paul <lyude@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20220327073925.11121-1-xiam0nd.tong@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/nouveau/dispnv50/atom.h | 6 +++---
drivers/gpu/drm/nouveau/dispnv50/crc.c | 27 ++++++++++++++++++++++-----
2 files changed, 25 insertions(+), 8 deletions(-)
--- a/drivers/gpu/drm/nouveau/dispnv50/atom.h
+++ b/drivers/gpu/drm/nouveau/dispnv50/atom.h
@@ -160,14 +160,14 @@ nv50_head_atom_get(struct drm_atomic_sta
static inline struct drm_encoder *
nv50_head_atom_get_encoder(struct nv50_head_atom *atom)
{
- struct drm_encoder *encoder = NULL;
+ struct drm_encoder *encoder;
/* We only ever have a single encoder */
drm_for_each_encoder_mask(encoder, atom->state.crtc->dev,
atom->state.encoder_mask)
- break;
+ return encoder;
- return encoder;
+ return NULL;
}
#define nv50_wndw_atom(p) container_of((p), struct nv50_wndw_atom, state)
--- a/drivers/gpu/drm/nouveau/dispnv50/crc.c
+++ b/drivers/gpu/drm/nouveau/dispnv50/crc.c
@@ -411,9 +411,18 @@ void nv50_crc_atomic_check_outp(struct n
struct nv50_head_atom *armh = nv50_head_atom(old_crtc_state);
struct nv50_head_atom *asyh = nv50_head_atom(new_crtc_state);
struct nv50_outp_atom *outp_atom;
- struct nouveau_encoder *outp =
- nv50_real_outp(nv50_head_atom_get_encoder(armh));
- struct drm_encoder *encoder = &outp->base.base;
+ struct nouveau_encoder *outp;
+ struct drm_encoder *encoder, *enc;
+
+ enc = nv50_head_atom_get_encoder(armh);
+ if (!enc)
+ continue;
+
+ outp = nv50_real_outp(enc);
+ if (!outp)
+ continue;
+
+ encoder = &outp->base.base;
if (!asyh->clr.crc)
continue;
@@ -464,8 +473,16 @@ void nv50_crc_atomic_set(struct nv50_hea
struct drm_device *dev = crtc->dev;
struct nv50_crc *crc = &head->crc;
const struct nv50_crc_func *func = nv50_disp(dev)->core->func->crc;
- struct nouveau_encoder *outp =
- nv50_real_outp(nv50_head_atom_get_encoder(asyh));
+ struct nouveau_encoder *outp;
+ struct drm_encoder *encoder;
+
+ encoder = nv50_head_atom_get_encoder(asyh);
+ if (!encoder)
+ return;
+
+ outp = nv50_real_outp(encoder);
+ if (!outp)
+ return;
func->set_src(head, outp->or,
nv50_crc_source_type(outp, asyh->crc.src),
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 382/452] drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (380 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 381/452] drm/nouveau/kms/nv50-: atom: fix " Greg Kroah-Hartman
@ 2022-06-07 17:03 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 383/452] drm/i915/dsi: fix VBT send packet port selection for ICL+ Greg Kroah-Hartman
` (75 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:03 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tomeu Vizoso, Brian Norris, Douglas Anderson
From: Brian Norris <briannorris@chromium.org>
commit 8fb6c44fe8468f92ac7b8bbfcca4404a4e88645f upstream.
If the display is not enable()d, then we aren't holding a runtime PM
reference here. Thus, it's easy to accidentally cause a hang, if user
space is poking around at /dev/drm_dp_aux0 at the "wrong" time.
Let's get a runtime PM reference, and check that we "see" the panel.
Don't force any panel power-up, etc., because that can be intrusive, and
that's not what other drivers do (see
drivers/gpu/drm/bridge/ti-sn65dsi86.c and
drivers/gpu/drm/bridge/parade-ps8640.c.)
Fixes: 0d97ad03f422 ("drm/bridge: analogix_dp: Remove duplicated code")
Cc: <stable@vger.kernel.org>
Cc: Tomeu Vizoso <tomeu.vizoso@collabora.com>
Signed-off-by: Brian Norris <briannorris@chromium.org>
Reviewed-by: Douglas Anderson <dianders@chromium.org>
Signed-off-by: Douglas Anderson <dianders@chromium.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20220301181107.v4.1.I773a08785666ebb236917b0c8e6c05e3de471e75@changeid
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/bridge/analogix/analogix_dp_core.c | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
--- a/drivers/gpu/drm/bridge/analogix/analogix_dp_core.c
+++ b/drivers/gpu/drm/bridge/analogix/analogix_dp_core.c
@@ -1639,8 +1639,19 @@ static ssize_t analogix_dpaux_transfer(s
struct drm_dp_aux_msg *msg)
{
struct analogix_dp_device *dp = to_dp(aux);
+ int ret;
- return analogix_dp_transfer(dp, msg);
+ pm_runtime_get_sync(dp->dev);
+
+ ret = analogix_dp_detect_hpd(dp);
+ if (ret)
+ goto out;
+
+ ret = analogix_dp_transfer(dp, msg);
+out:
+ pm_runtime_put(dp->dev);
+
+ return ret;
}
struct analogix_dp_device *
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 383/452] drm/i915/dsi: fix VBT send packet port selection for ICL+
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (381 preceding siblings ...)
2022-06-07 17:03 ` [PATCH 5.10 382/452] drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 384/452] md: fix an incorrect NULL check in does_sb_need_changing Greg Kroah-Hartman
` (74 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ville Syrjala, Jani Nikula
From: Jani Nikula <jani.nikula@intel.com>
commit 0ea917819d12fed41ea4662cc26ffa0060a5c354 upstream.
The VBT send packet port selection was never updated for ICL+ where the
2nd link is on port B instead of port C as in VLV+ DSI.
First, single link DSI needs to use the configured port instead of
relying on the VBT sequence block port. Remove the hard-coded port C
check here and make it generic. For reference, see commit f915084edc5a
("drm/i915: Changes related to the sequence port no for") for the
original VLV specific fix.
Second, the sequence block port number is either 0 or 1, where 1
indicates the 2nd link. Remove the hard-coded port C here for 2nd
link. (This could be a "find second set bit" on DSI ports, but just
check the two possible options.)
Third, sanity check the result with a warning to avoid a NULL pointer
dereference.
Closes: https://gitlab.freedesktop.org/drm/intel/-/issues/5984
Cc: stable@vger.kernel.org # v4.19+
Cc: Ville Syrjala <ville.syrjala@linux.intel.com>
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Reviewed-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20220520094600.2066945-1-jani.nikula@intel.com
(cherry picked from commit 08c59dde71b73a0ac94e3ed2d431345b01f20485)
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/i915/display/intel_dsi_vbt.c | 33 ++++++++++++++++++---------
1 file changed, 22 insertions(+), 11 deletions(-)
--- a/drivers/gpu/drm/i915/display/intel_dsi_vbt.c
+++ b/drivers/gpu/drm/i915/display/intel_dsi_vbt.c
@@ -121,9 +121,25 @@ struct i2c_adapter_lookup {
#define ICL_GPIO_DDPA_CTRLCLK_2 8
#define ICL_GPIO_DDPA_CTRLDATA_2 9
-static enum port intel_dsi_seq_port_to_port(u8 port)
+static enum port intel_dsi_seq_port_to_port(struct intel_dsi *intel_dsi,
+ u8 seq_port)
{
- return port ? PORT_C : PORT_A;
+ /*
+ * If single link DSI is being used on any port, the VBT sequence block
+ * send packet apparently always has 0 for the port. Just use the port
+ * we have configured, and ignore the sequence block port.
+ */
+ if (hweight8(intel_dsi->ports) == 1)
+ return ffs(intel_dsi->ports) - 1;
+
+ if (seq_port) {
+ if (intel_dsi->ports & PORT_B)
+ return PORT_B;
+ else if (intel_dsi->ports & PORT_C)
+ return PORT_C;
+ }
+
+ return PORT_A;
}
static const u8 *mipi_exec_send_packet(struct intel_dsi *intel_dsi,
@@ -145,15 +161,10 @@ static const u8 *mipi_exec_send_packet(s
seq_port = (flags >> MIPI_PORT_SHIFT) & 3;
- /* For DSI single link on Port A & C, the seq_port value which is
- * parsed from Sequence Block#53 of VBT has been set to 0
- * Now, read/write of packets for the DSI single link on Port A and
- * Port C will based on the DVO port from VBT block 2.
- */
- if (intel_dsi->ports == (1 << PORT_C))
- port = PORT_C;
- else
- port = intel_dsi_seq_port_to_port(seq_port);
+ port = intel_dsi_seq_port_to_port(intel_dsi, seq_port);
+
+ if (drm_WARN_ON(&dev_priv->drm, !intel_dsi->dsi_hosts[port]))
+ goto out;
dsi_device = intel_dsi->dsi_hosts[port]->device;
if (!dsi_device) {
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 384/452] md: fix an incorrect NULL check in does_sb_need_changing
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (382 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 383/452] drm/i915/dsi: fix VBT send packet port selection for ICL+ Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 385/452] md: fix an incorrect NULL check in md_reload_sb Greg Kroah-Hartman
` (73 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Guoqing Jiang, Xiaomeng Tong,
Goldwyn Rodrigues, Song Liu
From: Xiaomeng Tong <xiam0nd.tong@gmail.com>
commit fc8738343eefc4ea8afb6122826dea48eacde514 upstream.
The bug is here:
if (!rdev)
The list iterator value 'rdev' will *always* be set and non-NULL
by rdev_for_each(), so it is incorrect to assume that the iterator
value will be NULL if the list is empty or no element found.
Otherwise it will bypass the NULL check and lead to invalid memory
access passing the check.
To fix the bug, use a new variable 'iter' as the list iterator,
while using the original variable 'rdev' as a dedicated pointer to
point to the found element.
Cc: stable@vger.kernel.org
Fixes: 2aa82191ac36 ("md-cluster: Perform a lazy update")
Acked-by: Guoqing Jiang <guoqing.jiang@linux.dev>
Signed-off-by: Xiaomeng Tong <xiam0nd.tong@gmail.com>
Acked-by: Goldwyn Rodrigues <rgoldwyn@suse.com>
Signed-off-by: Song Liu <song@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/md.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -2648,14 +2648,16 @@ static void sync_sbs(struct mddev *mddev
static bool does_sb_need_changing(struct mddev *mddev)
{
- struct md_rdev *rdev;
+ struct md_rdev *rdev = NULL, *iter;
struct mdp_superblock_1 *sb;
int role;
/* Find a good rdev */
- rdev_for_each(rdev, mddev)
- if ((rdev->raid_disk >= 0) && !test_bit(Faulty, &rdev->flags))
+ rdev_for_each(iter, mddev)
+ if ((iter->raid_disk >= 0) && !test_bit(Faulty, &iter->flags)) {
+ rdev = iter;
break;
+ }
/* No good device found. */
if (!rdev)
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 385/452] md: fix an incorrect NULL check in md_reload_sb
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (383 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 384/452] md: fix an incorrect NULL check in does_sb_need_changing Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 386/452] mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write Greg Kroah-Hartman
` (72 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Xiaomeng Tong, Song Liu
From: Xiaomeng Tong <xiam0nd.tong@gmail.com>
commit 64c54d9244a4efe9bc6e9c98e13c4bbb8bb39083 upstream.
The bug is here:
if (!rdev || rdev->desc_nr != nr) {
The list iterator value 'rdev' will *always* be set and non-NULL
by rdev_for_each_rcu(), so it is incorrect to assume that the
iterator value will be NULL if the list is empty or no element
found (In fact, it will be a bogus pointer to an invalid struct
object containing the HEAD). Otherwise it will bypass the check
and lead to invalid memory access passing the check.
To fix the bug, use a new variable 'iter' as the list iterator,
while using the original variable 'pdev' as a dedicated pointer to
point to the found element.
Cc: stable@vger.kernel.org
Fixes: 70bcecdb1534 ("md-cluster: Improve md_reload_sb to be less error prone")
Signed-off-by: Xiaomeng Tong <xiam0nd.tong@gmail.com>
Signed-off-by: Song Liu <song@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/md.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -9730,16 +9730,18 @@ static int read_rdev(struct mddev *mddev
void md_reload_sb(struct mddev *mddev, int nr)
{
- struct md_rdev *rdev;
+ struct md_rdev *rdev = NULL, *iter;
int err;
/* Find the rdev */
- rdev_for_each_rcu(rdev, mddev) {
- if (rdev->desc_nr == nr)
+ rdev_for_each_rcu(iter, mddev) {
+ if (iter->desc_nr == nr) {
+ rdev = iter;
break;
+ }
}
- if (!rdev || rdev->desc_nr != nr) {
+ if (!rdev) {
pr_warn("%s: %d Could not find rdev with nr %d\n", __func__, __LINE__, nr);
return;
}
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 386/452] mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (384 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 385/452] md: fix an incorrect NULL check in md_reload_sb Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 387/452] mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N Greg Kroah-Hartman
` (71 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tokunori Ikegami,
Vignesh Raghavendra, Miquel Raynal
From: Tokunori Ikegami <ikegami.t@gmail.com>
commit 083084df578a8bdb18334f69e7b32d690aaa3247 upstream.
This is a preparation patch for the S29GL064N buffer writes fix. There
is no functional change.
Link: https://lore.kernel.org/r/b687c259-6413-26c9-d4c9-b3afa69ea124@pengutronix.de/
Fixes: dfeae1073583("mtd: cfi_cmdset_0002: Change write buffer to check correct value")
Signed-off-by: Tokunori Ikegami <ikegami.t@gmail.com>
Cc: stable@vger.kernel.org
Acked-by: Vignesh Raghavendra <vigneshr@ti.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20220323170458.5608-2-ikegami.t@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mtd/chips/cfi_cmdset_0002.c | 95 ++++++++++++------------------------
1 file changed, 32 insertions(+), 63 deletions(-)
--- a/drivers/mtd/chips/cfi_cmdset_0002.c
+++ b/drivers/mtd/chips/cfi_cmdset_0002.c
@@ -798,21 +798,25 @@ static struct mtd_info *cfi_amdstd_setup
}
/*
- * Return true if the chip is ready.
+ * Return true if the chip is ready and has the correct value.
*
* Ready is one of: read mode, query mode, erase-suspend-read mode (in any
* non-suspended sector) and is indicated by no toggle bits toggling.
*
+ * Error are indicated by toggling bits or bits held with the wrong value,
+ * or with bits toggling.
+ *
* Note that anything more complicated than checking if no bits are toggling
* (including checking DQ5 for an error status) is tricky to get working
* correctly and is therefore not done (particularly with interleaved chips
* as each chip must be checked independently of the others).
*/
static int __xipram chip_ready(struct map_info *map, struct flchip *chip,
- unsigned long addr)
+ unsigned long addr, map_word *expected)
{
struct cfi_private *cfi = map->fldrv_priv;
map_word d, t;
+ int ret;
if (cfi_use_status_reg(cfi)) {
map_word ready = CMD(CFI_SR_DRB);
@@ -822,57 +826,20 @@ static int __xipram chip_ready(struct ma
*/
cfi_send_gen_cmd(0x70, cfi->addr_unlock1, chip->start, map, cfi,
cfi->device_type, NULL);
- d = map_read(map, addr);
+ t = map_read(map, addr);
- return map_word_andequal(map, d, ready, ready);
+ return map_word_andequal(map, t, ready, ready);
}
d = map_read(map, addr);
t = map_read(map, addr);
- return map_word_equal(map, d, t);
-}
-
-/*
- * Return true if the chip is ready and has the correct value.
- *
- * Ready is one of: read mode, query mode, erase-suspend-read mode (in any
- * non-suspended sector) and it is indicated by no bits toggling.
- *
- * Error are indicated by toggling bits or bits held with the wrong value,
- * or with bits toggling.
- *
- * Note that anything more complicated than checking if no bits are toggling
- * (including checking DQ5 for an error status) is tricky to get working
- * correctly and is therefore not done (particularly with interleaved chips
- * as each chip must be checked independently of the others).
- *
- */
-static int __xipram chip_good(struct map_info *map, struct flchip *chip,
- unsigned long addr, map_word expected)
-{
- struct cfi_private *cfi = map->fldrv_priv;
- map_word oldd, curd;
-
- if (cfi_use_status_reg(cfi)) {
- map_word ready = CMD(CFI_SR_DRB);
-
- /*
- * For chips that support status register, check device
- * ready bit
- */
- cfi_send_gen_cmd(0x70, cfi->addr_unlock1, chip->start, map, cfi,
- cfi->device_type, NULL);
- curd = map_read(map, addr);
-
- return map_word_andequal(map, curd, ready, ready);
- }
+ ret = map_word_equal(map, d, t);
- oldd = map_read(map, addr);
- curd = map_read(map, addr);
+ if (!ret || !expected)
+ return ret;
- return map_word_equal(map, oldd, curd) &&
- map_word_equal(map, curd, expected);
+ return map_word_equal(map, t, *expected);
}
static int get_chip(struct map_info *map, struct flchip *chip, unsigned long adr, int mode)
@@ -889,7 +856,7 @@ static int get_chip(struct map_info *map
case FL_STATUS:
for (;;) {
- if (chip_ready(map, chip, adr))
+ if (chip_ready(map, chip, adr, NULL))
break;
if (time_after(jiffies, timeo)) {
@@ -927,7 +894,7 @@ static int get_chip(struct map_info *map
chip->state = FL_ERASE_SUSPENDING;
chip->erase_suspended = 1;
for (;;) {
- if (chip_ready(map, chip, adr))
+ if (chip_ready(map, chip, adr, NULL))
break;
if (time_after(jiffies, timeo)) {
@@ -1458,7 +1425,7 @@ static int do_otp_lock(struct map_info *
/* wait for chip to become ready */
timeo = jiffies + msecs_to_jiffies(2);
for (;;) {
- if (chip_ready(map, chip, adr))
+ if (chip_ready(map, chip, adr, NULL))
break;
if (time_after(jiffies, timeo)) {
@@ -1690,11 +1657,11 @@ static int __xipram do_write_oneword_onc
}
/*
- * We check "time_after" and "!chip_good" before checking
- * "chip_good" to avoid the failure due to scheduling.
+ * We check "time_after" and "!chip_ready" before checking
+ * "chip_ready" to avoid the failure due to scheduling.
*/
if (time_after(jiffies, timeo) &&
- !chip_good(map, chip, adr, datum)) {
+ !chip_ready(map, chip, adr, &datum)) {
xip_enable(map, chip, adr);
printk(KERN_WARNING "MTD %s(): software timeout\n", __func__);
xip_disable(map, chip, adr);
@@ -1702,7 +1669,7 @@ static int __xipram do_write_oneword_onc
break;
}
- if (chip_good(map, chip, adr, datum)) {
+ if (chip_ready(map, chip, adr, &datum)) {
if (cfi_check_err_status(map, chip, adr))
ret = -EIO;
break;
@@ -1970,18 +1937,18 @@ static int __xipram do_write_buffer_wait
}
/*
- * We check "time_after" and "!chip_good" before checking
- * "chip_good" to avoid the failure due to scheduling.
+ * We check "time_after" and "!chip_ready" before checking
+ * "chip_ready" to avoid the failure due to scheduling.
*/
if (time_after(jiffies, timeo) &&
- !chip_good(map, chip, adr, datum)) {
+ !chip_ready(map, chip, adr, &datum)) {
pr_err("MTD %s(): software timeout, address:0x%.8lx.\n",
__func__, adr);
ret = -EIO;
break;
}
- if (chip_good(map, chip, adr, datum)) {
+ if (chip_ready(map, chip, adr, &datum)) {
if (cfi_check_err_status(map, chip, adr))
ret = -EIO;
break;
@@ -2190,7 +2157,7 @@ static int cfi_amdstd_panic_wait(struct
* If the driver thinks the chip is idle, and no toggle bits
* are changing, then the chip is actually idle for sure.
*/
- if (chip->state == FL_READY && chip_ready(map, chip, adr))
+ if (chip->state == FL_READY && chip_ready(map, chip, adr, NULL))
return 0;
/*
@@ -2207,7 +2174,7 @@ static int cfi_amdstd_panic_wait(struct
/* wait for the chip to become ready */
for (i = 0; i < jiffies_to_usecs(timeo); i++) {
- if (chip_ready(map, chip, adr))
+ if (chip_ready(map, chip, adr, NULL))
return 0;
udelay(1);
@@ -2271,13 +2238,13 @@ retry:
map_write(map, datum, adr);
for (i = 0; i < jiffies_to_usecs(uWriteTimeout); i++) {
- if (chip_ready(map, chip, adr))
+ if (chip_ready(map, chip, adr, NULL))
break;
udelay(1);
}
- if (!chip_good(map, chip, adr, datum) ||
+ if (!chip_ready(map, chip, adr, &datum) ||
cfi_check_err_status(map, chip, adr)) {
/* reset on all failures. */
map_write(map, CMD(0xF0), chip->start);
@@ -2419,6 +2386,7 @@ static int __xipram do_erase_chip(struct
DECLARE_WAITQUEUE(wait, current);
int ret;
int retry_cnt = 0;
+ map_word datum = map_word_ff(map);
adr = cfi->addr_unlock1;
@@ -2473,7 +2441,7 @@ static int __xipram do_erase_chip(struct
chip->erase_suspended = 0;
}
- if (chip_good(map, chip, adr, map_word_ff(map))) {
+ if (chip_ready(map, chip, adr, &datum)) {
if (cfi_check_err_status(map, chip, adr))
ret = -EIO;
break;
@@ -2518,6 +2486,7 @@ static int __xipram do_erase_oneblock(st
DECLARE_WAITQUEUE(wait, current);
int ret;
int retry_cnt = 0;
+ map_word datum = map_word_ff(map);
adr += chip->start;
@@ -2572,7 +2541,7 @@ static int __xipram do_erase_oneblock(st
chip->erase_suspended = 0;
}
- if (chip_good(map, chip, adr, map_word_ff(map))) {
+ if (chip_ready(map, chip, adr, &datum)) {
if (cfi_check_err_status(map, chip, adr))
ret = -EIO;
break;
@@ -2766,7 +2735,7 @@ static int __maybe_unused do_ppb_xxlock(
*/
timeo = jiffies + msecs_to_jiffies(2000); /* 2s max (un)locking */
for (;;) {
- if (chip_ready(map, chip, adr))
+ if (chip_ready(map, chip, adr, NULL))
break;
if (time_after(jiffies, timeo)) {
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 387/452] mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (385 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 386/452] mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 388/452] media: coda: Fix reported H264 profile Greg Kroah-Hartman
` (70 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tokunori Ikegami,
Vignesh Raghavendra, Miquel Raynal
From: Tokunori Ikegami <ikegami.t@gmail.com>
commit 0a8e98305f63deaf0a799d5cf5532cc83af035d1 upstream.
Since commit dfeae1073583("mtd: cfi_cmdset_0002: Change write buffer to
check correct value") buffered writes fail on S29GL064N. This is
because, on S29GL064N, reads return 0xFF at the end of DQ polling for
write completion, where as, chip_good() check expects actual data
written to the last location to be returned post DQ polling completion.
Fix is to revert to using chip_good() for S29GL064N which only checks
for DQ lines to settle down to determine write completion.
Link: https://lore.kernel.org/r/b687c259-6413-26c9-d4c9-b3afa69ea124@pengutronix.de/
Fixes: dfeae1073583("mtd: cfi_cmdset_0002: Change write buffer to check correct value")
Cc: stable@vger.kernel.org
Signed-off-by: Tokunori Ikegami <ikegami.t@gmail.com>
Acked-by: Vignesh Raghavendra <vigneshr@ti.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20220323170458.5608-3-ikegami.t@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mtd/chips/cfi_cmdset_0002.c | 42 +++++++++++++++++++++++++++++-------
include/linux/mtd/cfi.h | 1
2 files changed, 35 insertions(+), 8 deletions(-)
--- a/drivers/mtd/chips/cfi_cmdset_0002.c
+++ b/drivers/mtd/chips/cfi_cmdset_0002.c
@@ -59,6 +59,10 @@
#define CFI_SR_WBASB BIT(3)
#define CFI_SR_SLSB BIT(1)
+enum cfi_quirks {
+ CFI_QUIRK_DQ_TRUE_DATA = BIT(0),
+};
+
static int cfi_amdstd_read (struct mtd_info *, loff_t, size_t, size_t *, u_char *);
static int cfi_amdstd_write_words(struct mtd_info *, loff_t, size_t, size_t *, const u_char *);
#if !FORCE_WORD_WRITE
@@ -432,6 +436,15 @@ static void fixup_s29ns512p_sectors(stru
mtd->name);
}
+static void fixup_quirks(struct mtd_info *mtd)
+{
+ struct map_info *map = mtd->priv;
+ struct cfi_private *cfi = map->fldrv_priv;
+
+ if (cfi->mfr == CFI_MFR_AMD && cfi->id == 0x0c01)
+ cfi->quirks |= CFI_QUIRK_DQ_TRUE_DATA;
+}
+
/* Used to fix CFI-Tables of chips without Extended Query Tables */
static struct cfi_fixup cfi_nopri_fixup_table[] = {
{ CFI_MFR_SST, 0x234a, fixup_sst39vf }, /* SST39VF1602 */
@@ -470,6 +483,7 @@ static struct cfi_fixup cfi_fixup_table[
#if !FORCE_WORD_WRITE
{ CFI_MFR_ANY, CFI_ID_ANY, fixup_use_write_buffers },
#endif
+ { CFI_MFR_ANY, CFI_ID_ANY, fixup_quirks },
{ 0, 0, NULL }
};
static struct cfi_fixup jedec_fixup_table[] = {
@@ -842,6 +856,18 @@ static int __xipram chip_ready(struct ma
return map_word_equal(map, t, *expected);
}
+static int __xipram chip_good(struct map_info *map, struct flchip *chip,
+ unsigned long addr, map_word *expected)
+{
+ struct cfi_private *cfi = map->fldrv_priv;
+ map_word *datum = expected;
+
+ if (cfi->quirks & CFI_QUIRK_DQ_TRUE_DATA)
+ datum = NULL;
+
+ return chip_ready(map, chip, addr, datum);
+}
+
static int get_chip(struct map_info *map, struct flchip *chip, unsigned long adr, int mode)
{
DECLARE_WAITQUEUE(wait, current);
@@ -1657,11 +1683,11 @@ static int __xipram do_write_oneword_onc
}
/*
- * We check "time_after" and "!chip_ready" before checking
- * "chip_ready" to avoid the failure due to scheduling.
+ * We check "time_after" and "!chip_good" before checking
+ * "chip_good" to avoid the failure due to scheduling.
*/
if (time_after(jiffies, timeo) &&
- !chip_ready(map, chip, adr, &datum)) {
+ !chip_good(map, chip, adr, &datum)) {
xip_enable(map, chip, adr);
printk(KERN_WARNING "MTD %s(): software timeout\n", __func__);
xip_disable(map, chip, adr);
@@ -1669,7 +1695,7 @@ static int __xipram do_write_oneword_onc
break;
}
- if (chip_ready(map, chip, adr, &datum)) {
+ if (chip_good(map, chip, adr, &datum)) {
if (cfi_check_err_status(map, chip, adr))
ret = -EIO;
break;
@@ -1937,18 +1963,18 @@ static int __xipram do_write_buffer_wait
}
/*
- * We check "time_after" and "!chip_ready" before checking
- * "chip_ready" to avoid the failure due to scheduling.
+ * We check "time_after" and "!chip_good" before checking
+ * "chip_good" to avoid the failure due to scheduling.
*/
if (time_after(jiffies, timeo) &&
- !chip_ready(map, chip, adr, &datum)) {
+ !chip_good(map, chip, adr, &datum)) {
pr_err("MTD %s(): software timeout, address:0x%.8lx.\n",
__func__, adr);
ret = -EIO;
break;
}
- if (chip_ready(map, chip, adr, &datum)) {
+ if (chip_good(map, chip, adr, &datum)) {
if (cfi_check_err_status(map, chip, adr))
ret = -EIO;
break;
--- a/include/linux/mtd/cfi.h
+++ b/include/linux/mtd/cfi.h
@@ -286,6 +286,7 @@ struct cfi_private {
map_word sector_erase_cmd;
unsigned long chipshift; /* Because they're of the same type */
const char *im_name; /* inter_module name for cmdset_setup */
+ unsigned long quirks;
struct flchip chips[]; /* per-chip data structure for each chip */
};
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 388/452] media: coda: Fix reported H264 profile
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (386 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 387/452] mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 389/452] media: coda: Add more H264 levels for CODA960 Greg Kroah-Hartman
` (69 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nicolas Dufresne, Ezequiel Garcia,
Pascal Speck, Fabio Estevam, Philipp Zabel, Hans Verkuil,
Mauro Carvalho Chehab
From: Nicolas Dufresne <nicolas.dufresne@collabora.com>
commit 7110c08ea71953a7fc342f0b76046f72442cf26c upstream.
The CODA960 manual states that ASO/FMO features of baseline are not
supported, so for this reason this driver should only report
constrained baseline support.
This fixes negotiation issue with constrained baseline content
on GStreamer 1.17.1.
ASO/FMO features are unsupported for the encoder and untested for the
decoder because there is currently no userspace support. Neither GStreamer
parsers nor FFMPEG parsers support ASO/FMO.
Cc: stable@vger.kernel.org
Fixes: 42a68012e67c2 ("media: coda: add read-only h.264 decoder profile/level controls")
Signed-off-by: Nicolas Dufresne <nicolas.dufresne@collabora.com>
Signed-off-by: Ezequiel Garcia <ezequiel@collabora.com>
Tested-by: Pascal Speck <kernel@iktek.de>
Signed-off-by: Fabio Estevam <festevam@denx.de>
Reviewed-by: Philipp Zabel <p.zabel@pengutronix.de>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/platform/coda/coda-common.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/drivers/media/platform/coda/coda-common.c
+++ b/drivers/media/platform/coda/coda-common.c
@@ -2343,8 +2343,8 @@ static void coda_encode_ctrls(struct cod
V4L2_CID_MPEG_VIDEO_H264_CHROMA_QP_INDEX_OFFSET, -12, 12, 1, 0);
v4l2_ctrl_new_std_menu(&ctx->ctrls, &coda_ctrl_ops,
V4L2_CID_MPEG_VIDEO_H264_PROFILE,
- V4L2_MPEG_VIDEO_H264_PROFILE_BASELINE, 0x0,
- V4L2_MPEG_VIDEO_H264_PROFILE_BASELINE);
+ V4L2_MPEG_VIDEO_H264_PROFILE_CONSTRAINED_BASELINE, 0x0,
+ V4L2_MPEG_VIDEO_H264_PROFILE_CONSTRAINED_BASELINE);
if (ctx->dev->devtype->product == CODA_HX4 ||
ctx->dev->devtype->product == CODA_7541) {
v4l2_ctrl_new_std_menu(&ctx->ctrls, &coda_ctrl_ops,
@@ -2425,7 +2425,7 @@ static void coda_decode_ctrls(struct cod
ctx->h264_profile_ctrl = v4l2_ctrl_new_std_menu(&ctx->ctrls,
&coda_ctrl_ops, V4L2_CID_MPEG_VIDEO_H264_PROFILE,
V4L2_MPEG_VIDEO_H264_PROFILE_HIGH,
- ~((1 << V4L2_MPEG_VIDEO_H264_PROFILE_BASELINE) |
+ ~((1 << V4L2_MPEG_VIDEO_H264_PROFILE_CONSTRAINED_BASELINE) |
(1 << V4L2_MPEG_VIDEO_H264_PROFILE_MAIN) |
(1 << V4L2_MPEG_VIDEO_H264_PROFILE_HIGH)),
V4L2_MPEG_VIDEO_H264_PROFILE_HIGH);
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 389/452] media: coda: Add more H264 levels for CODA960
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (387 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 388/452] media: coda: Fix reported H264 profile Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 390/452] ima: remove the IMA_TEMPLATE Kconfig option Greg Kroah-Hartman
` (68 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Philipp Zabel, Nicolas Dufresne,
Ezequiel Garcia, Fabio Estevam, Hans Verkuil,
Mauro Carvalho Chehab
From: Nicolas Dufresne <nicolas.dufresne@collabora.com>
commit eb2fd187abc878a2dfad46902becb74963473c7d upstream.
Add H264 level 1.0, 4.1, 4.2 to the list of supported formats.
While the hardware does not fully support these levels, it does support
most of them. The constraints on frame size and pixel formats already
cover the limitation.
This fixes negotiation of level on GStreamer 1.17.1.
Cc: stable@vger.kernel.org
Fixes: 42a68012e67c2 ("media: coda: add read-only h.264 decoder profile/level controls")
Suggested-by: Philipp Zabel <p.zabel@pengutronix.de>
Signed-off-by: Nicolas Dufresne <nicolas.dufresne@collabora.com>
Signed-off-by: Ezequiel Garcia <ezequiel@collabora.com>
Signed-off-by: Fabio Estevam <festevam@denx.de>
Reviewed-by: Philipp Zabel <p.zabel@pengutronix.de>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/platform/coda/coda-common.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
--- a/drivers/media/platform/coda/coda-common.c
+++ b/drivers/media/platform/coda/coda-common.c
@@ -2358,12 +2358,15 @@ static void coda_encode_ctrls(struct cod
if (ctx->dev->devtype->product == CODA_960) {
v4l2_ctrl_new_std_menu(&ctx->ctrls, &coda_ctrl_ops,
V4L2_CID_MPEG_VIDEO_H264_LEVEL,
- V4L2_MPEG_VIDEO_H264_LEVEL_4_0,
- ~((1 << V4L2_MPEG_VIDEO_H264_LEVEL_2_0) |
+ V4L2_MPEG_VIDEO_H264_LEVEL_4_2,
+ ~((1 << V4L2_MPEG_VIDEO_H264_LEVEL_1_0) |
+ (1 << V4L2_MPEG_VIDEO_H264_LEVEL_2_0) |
(1 << V4L2_MPEG_VIDEO_H264_LEVEL_3_0) |
(1 << V4L2_MPEG_VIDEO_H264_LEVEL_3_1) |
(1 << V4L2_MPEG_VIDEO_H264_LEVEL_3_2) |
- (1 << V4L2_MPEG_VIDEO_H264_LEVEL_4_0)),
+ (1 << V4L2_MPEG_VIDEO_H264_LEVEL_4_0) |
+ (1 << V4L2_MPEG_VIDEO_H264_LEVEL_4_1) |
+ (1 << V4L2_MPEG_VIDEO_H264_LEVEL_4_2)),
V4L2_MPEG_VIDEO_H264_LEVEL_4_0);
}
v4l2_ctrl_new_std(&ctx->ctrls, &coda_ctrl_ops,
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 390/452] ima: remove the IMA_TEMPLATE Kconfig option
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (388 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 389/452] media: coda: Add more H264 levels for CODA960 Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 391/452] Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug Greg Kroah-Hartman
` (67 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, GUO Zihua, Stable, Mimi Zohar
From: GUO Zihua <guozihua@huawei.com>
commit 891163adf180bc369b2f11c9dfce6d2758d2a5bd upstream.
The original 'ima' measurement list template contains a hash, defined
as 20 bytes, and a null terminated pathname, limited to 255
characters. Other measurement list templates permit both larger hashes
and longer pathnames. When the "ima" template is configured as the
default, a new measurement list template (ima_template=) must be
specified before specifying a larger hash algorithm (ima_hash=) on the
boot command line.
To avoid this boot command line ordering issue, remove the legacy "ima"
template configuration option, allowing it to still be specified on the
boot command line.
The root cause of this issue is that during the processing of ima_hash,
we would try to check whether the hash algorithm is compatible with the
template. If the template is not set at the moment we do the check, we
check the algorithm against the configured default template. If the
default template is "ima", then we reject any hash algorithm other than
sha1 and md5.
For example, if the compiled default template is "ima", and the default
algorithm is sha1 (which is the current default). In the cmdline, we put
in "ima_hash=sha256 ima_template=ima-ng". The expected behavior would be
that ima starts with ima-ng as the template and sha256 as the hash
algorithm. However, during the processing of "ima_hash=",
"ima_template=" has not been processed yet, and hash_setup would check
the configured hash algorithm against the compiled default: ima, and
reject sha256. So at the end, the hash algorithm that is actually used
will be sha1.
With template "ima" removed from the configured default, we ensure that
the default tempalte would at least be "ima-ng" which allows for
basically any hash algorithm.
This change would not break the algorithm compatibility checks for IMA.
Fixes: 4286587dccd43 ("ima: add Kconfig default measurement list template")
Signed-off-by: GUO Zihua <guozihua@huawei.com>
Cc: <Stable@vger.kernel.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
security/integrity/ima/Kconfig | 14 ++++++--------
1 file changed, 6 insertions(+), 8 deletions(-)
--- a/security/integrity/ima/Kconfig
+++ b/security/integrity/ima/Kconfig
@@ -69,10 +69,9 @@ choice
hash, defined as 20 bytes, and a null terminated pathname,
limited to 255 characters. The 'ima-ng' measurement list
template permits both larger hash digests and longer
- pathnames.
+ pathnames. The configured default template can be replaced
+ by specifying "ima_template=" on the boot command line.
- config IMA_TEMPLATE
- bool "ima"
config IMA_NG_TEMPLATE
bool "ima-ng (default)"
config IMA_SIG_TEMPLATE
@@ -82,7 +81,6 @@ endchoice
config IMA_DEFAULT_TEMPLATE
string
depends on IMA
- default "ima" if IMA_TEMPLATE
default "ima-ng" if IMA_NG_TEMPLATE
default "ima-sig" if IMA_SIG_TEMPLATE
@@ -102,19 +100,19 @@ choice
config IMA_DEFAULT_HASH_SHA256
bool "SHA256"
- depends on CRYPTO_SHA256=y && !IMA_TEMPLATE
+ depends on CRYPTO_SHA256=y
config IMA_DEFAULT_HASH_SHA512
bool "SHA512"
- depends on CRYPTO_SHA512=y && !IMA_TEMPLATE
+ depends on CRYPTO_SHA512=y
config IMA_DEFAULT_HASH_WP512
bool "WP512"
- depends on CRYPTO_WP512=y && !IMA_TEMPLATE
+ depends on CRYPTO_WP512=y
config IMA_DEFAULT_HASH_SM3
bool "SM3"
- depends on CRYPTO_SM3=y && !IMA_TEMPLATE
+ depends on CRYPTO_SM3=y
endchoice
config IMA_DEFAULT_HASH
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 391/452] Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (389 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 390/452] ima: remove the IMA_TEMPLATE Kconfig option Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 392/452] RDMA/hfi1: Fix potential integer multiplication overflow errors Greg Kroah-Hartman
` (66 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nick Desaulniers,
Sean Christopherson, Paolo Bonzini
From: Sean Christopherson <seanjc@google.com>
commit 1aa0e8b144b6474c4914439d232d15bfe883636b upstream.
Add a config option to guard (future) usage of asm_volatile_goto() that
includes "tied outputs", i.e. "+" constraints that specify both an input
and output parameter. clang-13 has a bug[1] that causes compilation of
such inline asm to fail, and KVM wants to use a "+m" constraint to
implement a uaccess form of CMPXCHG[2]. E.g. the test code fails with
<stdin>:1:29: error: invalid operand in inline asm: '.long (${1:l}) - .'
int foo(int *x) { asm goto (".long (%l[bar]) - .\n": "+m"(*x) ::: bar); return *x; bar: return 0; }
^
<stdin>:1:29: error: unknown token in expression
<inline asm>:1:9: note: instantiated into assembly here
.long () - .
^
2 errors generated.
on clang-13, but passes on gcc (with appropriate asm goto support). The
bug is fixed in clang-14, but won't be backported to clang-13 as the
changes are too invasive/risky.
gcc also had a similar bug[3], fixed in gcc-11, where gcc failed to
account for its behavior of assigning two numbers to tied outputs (one
for input, one for output) when evaluating symbolic references.
[1] https://github.com/ClangBuiltLinux/linux/issues/1512
[2] https://lore.kernel.org/all/YfMruK8%2F1izZ2VHS@google.com
[3] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98096
Suggested-by: Nick Desaulniers <ndesaulniers@google.com>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20220202004945.2540433-2-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
init/Kconfig | 5 +++++
1 file changed, 5 insertions(+)
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -68,6 +68,11 @@ config CC_HAS_ASM_GOTO_OUTPUT
depends on CC_HAS_ASM_GOTO
def_bool $(success,echo 'int foo(int x) { asm goto ("": "=r"(x) ::: bar); return x; bar: return 0; }' | $(CC) -x c - -c -o /dev/null)
+config CC_HAS_ASM_GOTO_TIED_OUTPUT
+ depends on CC_HAS_ASM_GOTO_OUTPUT
+ # Detect buggy gcc and clang, fixed in gcc-11 clang-14.
+ def_bool $(success,echo 'int foo(int *x) { asm goto (".long (%l[bar]) - .\n": "+m"(*x) ::: bar); return *x; bar: return 0; }' | $CC -x c - -c -o /dev/null)
+
config TOOLS_SUPPORT_RELR
def_bool $(success,env "CC=$(CC)" "LD=$(LD)" "NM=$(NM)" "OBJCOPY=$(OBJCOPY)" $(srctree)/scripts/tools-support-relr.sh)
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 392/452] RDMA/hfi1: Fix potential integer multiplication overflow errors
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (390 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 391/452] Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 393/452] csky: patch_text: Fixup last cpu should be master Greg Kroah-Hartman
` (65 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mike Marciniszyn, Dennis Dalessandro,
Jason Gunthorpe
From: Dennis Dalessandro <dennis.dalessandro@cornelisnetworks.com>
commit f93e91a0372c922c20d5bee260b0f43b4b8a1bee upstream.
When multiplying of different types, an overflow is possible even when
storing the result in a larger type. This is because the conversion is
done after the multiplication. So arithmetic overflow and thus in
incorrect value is possible.
Correct an instance of this in the inter packet delay calculation. Fix by
ensuring one of the operands is u64 which will promote the other to u64 as
well ensuring no overflow.
Cc: stable@vger.kernel.org
Fixes: 7724105686e7 ("IB/hfi1: add driver files")
Link: https://lore.kernel.org/r/20220520183712.48973.29855.stgit@awfm-01.cornelisnetworks.com
Reviewed-by: Mike Marciniszyn <mike.marciniszyn@cornelisnetworks.com>
Signed-off-by: Dennis Dalessandro <dennis.dalessandro@cornelisnetworks.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/hw/hfi1/init.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/infiniband/hw/hfi1/init.c
+++ b/drivers/infiniband/hw/hfi1/init.c
@@ -530,7 +530,7 @@ void set_link_ipg(struct hfi1_pportdata
u16 shift, mult;
u64 src;
u32 current_egress_rate; /* Mbits /sec */
- u32 max_pkt_time;
+ u64 max_pkt_time;
/*
* max_pkt_time is the maximum packet egress time in units
* of the fabric clock period 1/(805 MHz).
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 393/452] csky: patch_text: Fixup last cpu should be master
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (391 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 392/452] RDMA/hfi1: Fix potential integer multiplication overflow errors Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 394/452] irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x Greg Kroah-Hartman
` (64 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Guo Ren, Guo Ren, Masami Hiramatsu
From: Guo Ren <guoren@linux.alibaba.com>
commit 8c4d16471e2babe9bdfe41d6ef724526629696cb upstream.
These patch_text implementations are using stop_machine_cpuslocked
infrastructure with atomic cpu_count. The original idea: When the
master CPU patch_text, the others should wait for it. But current
implementation is using the first CPU as master, which couldn't
guarantee the remaining CPUs are waiting. This patch changes the
last CPU as the master to solve the potential risk.
Fixes: 33e53ae1ce41 ("csky: Add kprobes supported")
Signed-off-by: Guo Ren <guoren@linux.alibaba.com>
Signed-off-by: Guo Ren <guoren@kernel.org>
Reviewed-by: Masami Hiramatsu <mhiramat@kernel.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/csky/kernel/probes/kprobes.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/csky/kernel/probes/kprobes.c
+++ b/arch/csky/kernel/probes/kprobes.c
@@ -28,7 +28,7 @@ static int __kprobes patch_text_cb(void
struct csky_insn_patch *param = priv;
unsigned int addr = (unsigned int)param->addr;
- if (atomic_inc_return(¶m->cpu_count) == 1) {
+ if (atomic_inc_return(¶m->cpu_count) == num_online_cpus()) {
*(u16 *) addr = cpu_to_le16(param->opcode);
dcache_wb_range(addr, addr + 2);
atomic_inc(¶m->cpu_count);
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 394/452] irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (392 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 393/452] csky: patch_text: Fixup last cpu should be master Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 395/452] irqchip: irq-xtensa-mx: fix initial IRQ affinity Greg Kroah-Hartman
` (63 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pali Rohár, Andrew Lunn, Marc Zyngier
From: Pali Rohár <pali@kernel.org>
commit a3d66a76348daf559873f19afc912a2a7c2ccdaf upstream.
Register ARMADA_370_XP_INT_FABRIC_MASK_OFFS is Armada 370 and XP specific
and on new Armada platforms it has different meaning. It does not configure
Performance Counter Overflow interrupt masking. So do not touch this
register on non-A370/XP platforms (A375, A38x and A39x).
Signed-off-by: Pali Rohár <pali@kernel.org>
Cc: stable@vger.kernel.org
Fixes: 28da06dfd9e4 ("irqchip: armada-370-xp: Enable the PMU interrupts")
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20220425113706.29310-1-pali@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/irqchip/irq-armada-370-xp.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
--- a/drivers/irqchip/irq-armada-370-xp.c
+++ b/drivers/irqchip/irq-armada-370-xp.c
@@ -308,7 +308,16 @@ static inline int armada_370_xp_msi_init
static void armada_xp_mpic_perf_init(void)
{
- unsigned long cpuid = cpu_logical_map(smp_processor_id());
+ unsigned long cpuid;
+
+ /*
+ * This Performance Counter Overflow interrupt is specific for
+ * Armada 370 and XP. It is not available on Armada 375, 38x and 39x.
+ */
+ if (!of_machine_is_compatible("marvell,armada-370-xp"))
+ return;
+
+ cpuid = cpu_logical_map(smp_processor_id());
/* Enable Performance Counter Overflow interrupts */
writel(ARMADA_370_XP_INT_CAUSE_PERF(cpuid),
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 395/452] irqchip: irq-xtensa-mx: fix initial IRQ affinity
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (393 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 394/452] irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 396/452] cfg80211: declare MODULE_FIRMWARE for regulatory.db Greg Kroah-Hartman
` (62 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Max Filippov
From: Max Filippov <jcmvbkbc@gmail.com>
commit a255ee29252066d621df5d6b420bf534c6ba5bc0 upstream.
When irq-xtensa-mx chip is used in non-SMP configuration its
irq_set_affinity callback is not called leaving IRQ affinity set empty.
As a result IRQ delivery does not work in that configuration.
Initialize IRQ affinity of the xtensa MX interrupt distributor to CPU 0
for all external IRQ lines.
Cc: stable@vger.kernel.org
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/irqchip/irq-xtensa-mx.c | 18 ++++++++++++++----
1 file changed, 14 insertions(+), 4 deletions(-)
--- a/drivers/irqchip/irq-xtensa-mx.c
+++ b/drivers/irqchip/irq-xtensa-mx.c
@@ -151,14 +151,25 @@ static struct irq_chip xtensa_mx_irq_chi
.irq_set_affinity = xtensa_mx_irq_set_affinity,
};
+static void __init xtensa_mx_init_common(struct irq_domain *root_domain)
+{
+ unsigned int i;
+
+ irq_set_default_host(root_domain);
+ secondary_init_irq();
+
+ /* Initialize default IRQ routing to CPU 0 */
+ for (i = 0; i < XCHAL_NUM_EXTINTERRUPTS; ++i)
+ set_er(1, MIROUT(i));
+}
+
int __init xtensa_mx_init_legacy(struct device_node *interrupt_parent)
{
struct irq_domain *root_domain =
irq_domain_add_legacy(NULL, NR_IRQS - 1, 1, 0,
&xtensa_mx_irq_domain_ops,
&xtensa_mx_irq_chip);
- irq_set_default_host(root_domain);
- secondary_init_irq();
+ xtensa_mx_init_common(root_domain);
return 0;
}
@@ -168,8 +179,7 @@ static int __init xtensa_mx_init(struct
struct irq_domain *root_domain =
irq_domain_add_linear(np, NR_IRQS, &xtensa_mx_irq_domain_ops,
&xtensa_mx_irq_chip);
- irq_set_default_host(root_domain);
- secondary_init_irq();
+ xtensa_mx_init_common(root_domain);
return 0;
}
IRQCHIP_DECLARE(xtensa_mx_irq_chip, "cdns,xtensa-mx", xtensa_mx_init);
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 396/452] cfg80211: declare MODULE_FIRMWARE for regulatory.db
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (394 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 395/452] irqchip: irq-xtensa-mx: fix initial IRQ affinity Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 397/452] mac80211: upgrade passive scan to active scan on DFS channels after beacon rx Greg Kroah-Hartman
` (61 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dimitri John Ledkov, Johannes Berg
From: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
commit 7bc7981eeebe1b8e603ad2ffc5e84f4df76920dd upstream.
Add MODULE_FIRMWARE declarations for regulatory.db and
regulatory.db.p7s such that userspace tooling can discover and include
these files.
Cc: stable@vger.kernel.org
Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
Link: https://lore.kernel.org/r/20220414125004.267819-1-dimitri.ledkov@canonical.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/wireless/reg.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/net/wireless/reg.c
+++ b/net/wireless/reg.c
@@ -787,6 +787,8 @@ static int __init load_builtin_regdb_key
return 0;
}
+MODULE_FIRMWARE("regulatory.db.p7s");
+
static bool regdb_has_valid_signature(const u8 *data, unsigned int size)
{
const struct firmware *sig;
@@ -1058,6 +1060,8 @@ static void regdb_fw_cb(const struct fir
release_firmware(fw);
}
+MODULE_FIRMWARE("regulatory.db");
+
static int query_regdb_file(const char *alpha2)
{
ASSERT_RTNL();
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 397/452] mac80211: upgrade passive scan to active scan on DFS channels after beacon rx
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (395 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 396/452] cfg80211: declare MODULE_FIRMWARE for regulatory.db Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 398/452] um: chan_user: Fix winch_tramp() return value Greg Kroah-Hartman
` (60 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Catrinel Catrinescu, Felix Fietkau,
Johannes Berg
From: Felix Fietkau <nbd@nbd.name>
commit b041b7b9de6e1d4362de855ab90f9d03ef323edd upstream.
In client mode, we can't connect to hidden SSID APs or SSIDs not advertised
in beacons on DFS channels, since we're forced to passive scan. Fix this by
sending out a probe request immediately after the first beacon, if active
scan was requested by the user.
Cc: stable@vger.kernel.org
Reported-by: Catrinel Catrinescu <cc@80211.de>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Link: https://lore.kernel.org/r/20220420104907.36275-1-nbd@nbd.name
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/mac80211/ieee80211_i.h | 5 +++++
net/mac80211/scan.c | 20 ++++++++++++++++++++
2 files changed, 25 insertions(+)
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -1103,6 +1103,9 @@ struct tpt_led_trigger {
* a scan complete for an aborted scan.
* @SCAN_HW_CANCELLED: Set for our scan work function when the scan is being
* cancelled.
+ * @SCAN_BEACON_WAIT: Set whenever we're passive scanning because of radar/no-IR
+ * and could send a probe request after receiving a beacon.
+ * @SCAN_BEACON_DONE: Beacon received, we can now send a probe request
*/
enum {
SCAN_SW_SCANNING,
@@ -1111,6 +1114,8 @@ enum {
SCAN_COMPLETED,
SCAN_ABORTED,
SCAN_HW_CANCELLED,
+ SCAN_BEACON_WAIT,
+ SCAN_BEACON_DONE,
};
/**
--- a/net/mac80211/scan.c
+++ b/net/mac80211/scan.c
@@ -277,6 +277,16 @@ void ieee80211_scan_rx(struct ieee80211_
if (likely(!sdata1 && !sdata2))
return;
+ if (test_and_clear_bit(SCAN_BEACON_WAIT, &local->scanning)) {
+ /*
+ * we were passive scanning because of radar/no-IR, but
+ * the beacon/proberesp rx gives us an opportunity to upgrade
+ * to active scan
+ */
+ set_bit(SCAN_BEACON_DONE, &local->scanning);
+ ieee80211_queue_delayed_work(&local->hw, &local->scan_work, 0);
+ }
+
if (ieee80211_is_probe_resp(mgmt->frame_control)) {
struct cfg80211_scan_request *scan_req;
struct cfg80211_sched_scan_request *sched_scan_req;
@@ -783,6 +793,8 @@ static int __ieee80211_start_scan(struct
IEEE80211_CHAN_RADAR)) ||
!req->n_ssids) {
next_delay = IEEE80211_PASSIVE_CHANNEL_TIME;
+ if (req->n_ssids)
+ set_bit(SCAN_BEACON_WAIT, &local->scanning);
} else {
ieee80211_scan_state_send_probe(local, &next_delay);
next_delay = IEEE80211_CHANNEL_TIME;
@@ -994,6 +1006,8 @@ set_channel:
!scan_req->n_ssids) {
*next_delay = IEEE80211_PASSIVE_CHANNEL_TIME;
local->next_scan_state = SCAN_DECISION;
+ if (scan_req->n_ssids)
+ set_bit(SCAN_BEACON_WAIT, &local->scanning);
return;
}
@@ -1086,6 +1100,8 @@ void ieee80211_scan_work(struct work_str
goto out;
}
+ clear_bit(SCAN_BEACON_WAIT, &local->scanning);
+
/*
* as long as no delay is required advance immediately
* without scheduling a new work
@@ -1096,6 +1112,10 @@ void ieee80211_scan_work(struct work_str
goto out_complete;
}
+ if (test_and_clear_bit(SCAN_BEACON_DONE, &local->scanning) &&
+ local->next_scan_state == SCAN_DECISION)
+ local->next_scan_state = SCAN_SEND_PROBE;
+
switch (local->next_scan_state) {
case SCAN_DECISION:
/* if no more bands/channels left, complete scan */
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 398/452] um: chan_user: Fix winch_tramp() return value
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (396 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 397/452] mac80211: upgrade passive scan to active scan on DFS channels after beacon rx Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 399/452] um: Fix out-of-bounds read in LDT setup Greg Kroah-Hartman
` (59 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Johannes Berg, Richard Weinberger,
Nathan Chancellor
From: Johannes Berg <johannes.berg@intel.com>
commit 57ae0b67b747031bc41fb44643aa5344ab58607e upstream.
The previous fix here was only partially correct, it did
result in returning a proper error value in case of error,
but it also clobbered the pid that we need to return from
this function (not just zero for success).
As a result, it returned 0 here, but later this is treated
as a pid and used to kill the process, but since it's now
0 we kill(0, SIGKILL), which makes UML kill itself rather
than just the helper thread.
Fix that and make it more obvious by using a separate
variable for the pid.
Fixes: ccf1236ecac4 ("um: fix error return code in winch_tramp()")
Reported-and-tested-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Cc: stable@vger.kernel.org
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/um/drivers/chan_user.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
--- a/arch/um/drivers/chan_user.c
+++ b/arch/um/drivers/chan_user.c
@@ -220,7 +220,7 @@ static int winch_tramp(int fd, struct tt
unsigned long *stack_out)
{
struct winch_data data;
- int fds[2], n, err;
+ int fds[2], n, err, pid;
char c;
err = os_pipe(fds, 1, 1);
@@ -238,8 +238,9 @@ static int winch_tramp(int fd, struct tt
* problem with /dev/net/tun, which if held open by this
* thread, prevents the TUN/TAP device from being reused.
*/
- err = run_helper_thread(winch_thread, &data, CLONE_FILES, stack_out);
- if (err < 0) {
+ pid = run_helper_thread(winch_thread, &data, CLONE_FILES, stack_out);
+ if (pid < 0) {
+ err = pid;
printk(UM_KERN_ERR "fork of winch_thread failed - errno = %d\n",
-err);
goto out_close;
@@ -263,7 +264,7 @@ static int winch_tramp(int fd, struct tt
goto out_close;
}
- return err;
+ return pid;
out_close:
close(fds[1]);
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 399/452] um: Fix out-of-bounds read in LDT setup
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (397 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 398/452] um: chan_user: Fix winch_tramp() return value Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 400/452] kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] Greg Kroah-Hartman
` (58 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vincent Whitchurch, Richard Weinberger
From: Vincent Whitchurch <vincent.whitchurch@axis.com>
commit 2a4a62a14be1947fa945c5c11ebf67326381a568 upstream.
syscall_stub_data() expects the data_count parameter to be the number of
longs, not bytes.
==================================================================
BUG: KASAN: stack-out-of-bounds in syscall_stub_data+0x70/0xe0
Read of size 128 at addr 000000006411f6f0 by task swapper/1
CPU: 0 PID: 1 Comm: swapper Not tainted 5.18.0+ #18
Call Trace:
show_stack.cold+0x166/0x2a7
__dump_stack+0x3a/0x43
dump_stack_lvl+0x1f/0x27
print_report.cold+0xdb/0xf81
kasan_report+0x119/0x1f0
kasan_check_range+0x3a3/0x440
memcpy+0x52/0x140
syscall_stub_data+0x70/0xe0
write_ldt_entry+0xac/0x190
init_new_ldt+0x515/0x960
init_new_context+0x2c4/0x4d0
mm_init.constprop.0+0x5ed/0x760
mm_alloc+0x118/0x170
0x60033f48
do_one_initcall+0x1d7/0x860
0x60003e7b
kernel_init+0x6e/0x3d4
new_thread_handler+0x1e7/0x2c0
The buggy address belongs to stack of task swapper/1
and is located at offset 64 in frame:
init_new_ldt+0x0/0x960
This frame has 2 objects:
[32, 40) 'addr'
[64, 80) 'desc'
==================================================================
Fixes: 858259cf7d1c443c83 ("uml: maintain own LDT entries")
Signed-off-by: Vincent Whitchurch <vincent.whitchurch@axis.com>
Cc: stable@vger.kernel.org
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/um/ldt.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/arch/x86/um/ldt.c
+++ b/arch/x86/um/ldt.c
@@ -23,9 +23,11 @@ static long write_ldt_entry(struct mm_id
{
long res;
void *stub_addr;
+
+ BUILD_BUG_ON(sizeof(*desc) % sizeof(long));
+
res = syscall_stub_data(mm_idp, (unsigned long *)desc,
- (sizeof(*desc) + sizeof(long) - 1) &
- ~(sizeof(long) - 1),
+ sizeof(*desc) / sizeof(long),
addr, &stub_addr);
if (!res) {
unsigned long args[] = { func,
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 400/452] kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add]
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (398 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 399/452] um: Fix out-of-bounds read in LDT setup Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 401/452] ftrace: Clean up hash direct_functions on register failures Greg Kroah-Hartman
` (57 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michael Ellerman, Naveen N. Rao,
Eric W. Biederman, Andrew Morton
From: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
commit 3e35142ef99fe6b4fe5d834ad43ee13cca10a2dc upstream.
Since commit d1bcae833b32f1 ("ELF: Don't generate unused section
symbols") [1], binutils (v2.36+) started dropping section symbols that
it thought were unused. This isn't an issue in general, but with
kexec_file.c, gcc is placing kexec_arch_apply_relocations[_add] into a
separate .text.unlikely section and the section symbol ".text.unlikely"
is being dropped. Due to this, recordmcount is unable to find a non-weak
symbol in .text.unlikely to generate a relocation record against.
Address this by dropping the weak attribute from these functions.
Instead, follow the existing pattern of having architectures #define the
name of the function they want to override in their headers.
[1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=d1bcae833b32f1
[akpm@linux-foundation.org: arch/s390/include/asm/kexec.h needs linux/module.h]
Link: https://lkml.kernel.org/r/20220519091237.676736-1-naveen.n.rao@linux.vnet.ibm.com
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/s390/include/asm/kexec.h | 10 +++++++++
arch/x86/include/asm/kexec.h | 8 +++++++
include/linux/kexec.h | 46 ++++++++++++++++++++++++++++++++++--------
kernel/kexec_file.c | 34 -------------------------------
4 files changed, 56 insertions(+), 42 deletions(-)
--- a/arch/s390/include/asm/kexec.h
+++ b/arch/s390/include/asm/kexec.h
@@ -9,6 +9,8 @@
#ifndef _S390_KEXEC_H
#define _S390_KEXEC_H
+#include <linux/module.h>
+
#include <asm/processor.h>
#include <asm/page.h>
#include <asm/setup.h>
@@ -83,4 +85,12 @@ struct kimage_arch {
extern const struct kexec_file_ops s390_kexec_image_ops;
extern const struct kexec_file_ops s390_kexec_elf_ops;
+#ifdef CONFIG_KEXEC_FILE
+struct purgatory_info;
+int arch_kexec_apply_relocations_add(struct purgatory_info *pi,
+ Elf_Shdr *section,
+ const Elf_Shdr *relsec,
+ const Elf_Shdr *symtab);
+#define arch_kexec_apply_relocations_add arch_kexec_apply_relocations_add
+#endif
#endif /*_S390_KEXEC_H */
--- a/arch/x86/include/asm/kexec.h
+++ b/arch/x86/include/asm/kexec.h
@@ -191,6 +191,14 @@ extern int arch_kexec_post_alloc_pages(v
extern void arch_kexec_pre_free_pages(void *vaddr, unsigned int pages);
#define arch_kexec_pre_free_pages arch_kexec_pre_free_pages
+#ifdef CONFIG_KEXEC_FILE
+struct purgatory_info;
+int arch_kexec_apply_relocations_add(struct purgatory_info *pi,
+ Elf_Shdr *section,
+ const Elf_Shdr *relsec,
+ const Elf_Shdr *symtab);
+#define arch_kexec_apply_relocations_add arch_kexec_apply_relocations_add
+#endif
#endif
typedef void crash_vmclear_fn(void);
--- a/include/linux/kexec.h
+++ b/include/linux/kexec.h
@@ -187,14 +187,6 @@ void *kexec_purgatory_get_symbol_addr(st
int arch_kexec_kernel_image_probe(struct kimage *image, void *buf,
unsigned long buf_len);
void *arch_kexec_kernel_image_load(struct kimage *image);
-int arch_kexec_apply_relocations_add(struct purgatory_info *pi,
- Elf_Shdr *section,
- const Elf_Shdr *relsec,
- const Elf_Shdr *symtab);
-int arch_kexec_apply_relocations(struct purgatory_info *pi,
- Elf_Shdr *section,
- const Elf_Shdr *relsec,
- const Elf_Shdr *symtab);
int arch_kimage_file_post_load_cleanup(struct kimage *image);
#ifdef CONFIG_KEXEC_SIG
int arch_kexec_kernel_verify_sig(struct kimage *image, void *buf,
@@ -223,6 +215,44 @@ extern int crash_exclude_mem_range(struc
unsigned long long mend);
extern int crash_prepare_elf64_headers(struct crash_mem *mem, int kernel_map,
void **addr, unsigned long *sz);
+
+#ifndef arch_kexec_apply_relocations_add
+/*
+ * arch_kexec_apply_relocations_add - apply relocations of type RELA
+ * @pi: Purgatory to be relocated.
+ * @section: Section relocations applying to.
+ * @relsec: Section containing RELAs.
+ * @symtab: Corresponding symtab.
+ *
+ * Return: 0 on success, negative errno on error.
+ */
+static inline int
+arch_kexec_apply_relocations_add(struct purgatory_info *pi, Elf_Shdr *section,
+ const Elf_Shdr *relsec, const Elf_Shdr *symtab)
+{
+ pr_err("RELA relocation unsupported.\n");
+ return -ENOEXEC;
+}
+#endif
+
+#ifndef arch_kexec_apply_relocations
+/*
+ * arch_kexec_apply_relocations - apply relocations of type REL
+ * @pi: Purgatory to be relocated.
+ * @section: Section relocations applying to.
+ * @relsec: Section containing RELs.
+ * @symtab: Corresponding symtab.
+ *
+ * Return: 0 on success, negative errno on error.
+ */
+static inline int
+arch_kexec_apply_relocations(struct purgatory_info *pi, Elf_Shdr *section,
+ const Elf_Shdr *relsec, const Elf_Shdr *symtab)
+{
+ pr_err("REL relocation unsupported.\n");
+ return -ENOEXEC;
+}
+#endif
#endif /* CONFIG_KEXEC_FILE */
#ifdef CONFIG_KEXEC_ELF
--- a/kernel/kexec_file.c
+++ b/kernel/kexec_file.c
@@ -109,40 +109,6 @@ int __weak arch_kexec_kernel_verify_sig(
#endif
/*
- * arch_kexec_apply_relocations_add - apply relocations of type RELA
- * @pi: Purgatory to be relocated.
- * @section: Section relocations applying to.
- * @relsec: Section containing RELAs.
- * @symtab: Corresponding symtab.
- *
- * Return: 0 on success, negative errno on error.
- */
-int __weak
-arch_kexec_apply_relocations_add(struct purgatory_info *pi, Elf_Shdr *section,
- const Elf_Shdr *relsec, const Elf_Shdr *symtab)
-{
- pr_err("RELA relocation unsupported.\n");
- return -ENOEXEC;
-}
-
-/*
- * arch_kexec_apply_relocations - apply relocations of type REL
- * @pi: Purgatory to be relocated.
- * @section: Section relocations applying to.
- * @relsec: Section containing RELs.
- * @symtab: Corresponding symtab.
- *
- * Return: 0 on success, negative errno on error.
- */
-int __weak
-arch_kexec_apply_relocations(struct purgatory_info *pi, Elf_Shdr *section,
- const Elf_Shdr *relsec, const Elf_Shdr *symtab)
-{
- pr_err("REL relocation unsupported.\n");
- return -ENOEXEC;
-}
-
-/*
* Free up memory used by kernel, initrd, and command line. This is temporary
* memory allocation which is not needed any more after these buffers have
* been loaded into separate segments and have been copied elsewhere.
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 401/452] ftrace: Clean up hash direct_functions on register failures
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (399 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 400/452] kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 402/452] iommu/msm: Fix an incorrect NULL check on list iterator Greg Kroah-Hartman
` (56 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Song Liu, Steven Rostedt (Google)
From: Song Liu <song@kernel.org>
commit 7d54c15cb89a29a5f59e5ffc9ee62e6591769ef1 upstream.
We see the following GPF when register_ftrace_direct fails:
[ ] general protection fault, probably for non-canonical address \
0x200000000000010: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI
[...]
[ ] RIP: 0010:ftrace_find_rec_direct+0x53/0x70
[ ] Code: 48 c1 e0 03 48 03 42 08 48 8b 10 31 c0 48 85 d2 74 [...]
[ ] RSP: 0018:ffffc9000138bc10 EFLAGS: 00010206
[ ] RAX: 0000000000000000 RBX: ffffffff813e0df0 RCX: 000000000000003b
[ ] RDX: 0200000000000000 RSI: 000000000000000c RDI: ffffffff813e0df0
[ ] RBP: ffffffffa00a3000 R08: ffffffff81180ce0 R09: 0000000000000001
[ ] R10: ffffc9000138bc18 R11: 0000000000000001 R12: ffffffff813e0df0
[ ] R13: ffffffff813e0df0 R14: ffff888171b56400 R15: 0000000000000000
[ ] FS: 00007fa9420c7780(0000) GS:ffff888ff6a00000(0000) knlGS:000000000
[ ] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ ] CR2: 000000000770d000 CR3: 0000000107d50003 CR4: 0000000000370ee0
[ ] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ ] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ ] Call Trace:
[ ] <TASK>
[ ] register_ftrace_direct+0x54/0x290
[ ] ? render_sigset_t+0xa0/0xa0
[ ] bpf_trampoline_update+0x3f5/0x4a0
[ ] ? 0xffffffffa00a3000
[ ] bpf_trampoline_link_prog+0xa9/0x140
[ ] bpf_tracing_prog_attach+0x1dc/0x450
[ ] bpf_raw_tracepoint_open+0x9a/0x1e0
[ ] ? find_held_lock+0x2d/0x90
[ ] ? lock_release+0x150/0x430
[ ] __sys_bpf+0xbd6/0x2700
[ ] ? lock_is_held_type+0xd8/0x130
[ ] __x64_sys_bpf+0x1c/0x20
[ ] do_syscall_64+0x3a/0x80
[ ] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ ] RIP: 0033:0x7fa9421defa9
[ ] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 9 f8 [...]
[ ] RSP: 002b:00007ffed743bd78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ ] RAX: ffffffffffffffda RBX: 00000000069d2480 RCX: 00007fa9421defa9
[ ] RDX: 0000000000000078 RSI: 00007ffed743bd80 RDI: 0000000000000011
[ ] RBP: 00007ffed743be00 R08: 0000000000bb7270 R09: 0000000000000000
[ ] R10: 00000000069da210 R11: 0000000000000246 R12: 0000000000000001
[ ] R13: 00007ffed743c4b0 R14: 00000000069d2480 R15: 0000000000000001
[ ] </TASK>
[ ] Modules linked in: klp_vm(OK)
[ ] ---[ end trace 0000000000000000 ]---
One way to trigger this is:
1. load a livepatch that patches kernel function xxx;
2. run bpftrace -e 'kfunc:xxx {}', this will fail (expected for now);
3. repeat #2 => gpf.
This is because the entry is added to direct_functions, but not removed.
Fix this by remove the entry from direct_functions when
register_ftrace_direct fails.
Also remove the last trailing space from ftrace.c, so we don't have to
worry about it anymore.
Link: https://lkml.kernel.org/r/20220524170839.900849-1-song@kernel.org
Cc: stable@vger.kernel.org
Fixes: 763e34e74bb7 ("ftrace: Add register_ftrace_direct()")
Signed-off-by: Song Liu <song@kernel.org>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/ftrace.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
--- a/kernel/trace/ftrace.c
+++ b/kernel/trace/ftrace.c
@@ -4427,7 +4427,7 @@ int ftrace_func_mapper_add_ip(struct ftr
* @ip: The instruction pointer address to remove the data from
*
* Returns the data if it is found, otherwise NULL.
- * Note, if the data pointer is used as the data itself, (see
+ * Note, if the data pointer is used as the data itself, (see
* ftrace_func_mapper_find_ip(), then the return value may be meaningless,
* if the data pointer was set to zero.
*/
@@ -5153,8 +5153,6 @@ int register_ftrace_direct(unsigned long
__add_hash_entry(direct_functions, entry);
ret = ftrace_set_filter_ip(&direct_ops, ip, 0, 0);
- if (ret)
- remove_hash_entry(direct_functions, entry);
if (!ret && !(direct_ops.flags & FTRACE_OPS_FL_ENABLED)) {
ret = register_ftrace_function(&direct_ops);
@@ -5163,6 +5161,7 @@ int register_ftrace_direct(unsigned long
}
if (ret) {
+ remove_hash_entry(direct_functions, entry);
kfree(entry);
if (!direct->count) {
list_del_rcu(&direct->next);
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 402/452] iommu/msm: Fix an incorrect NULL check on list iterator
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (400 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 401/452] ftrace: Clean up hash direct_functions on register failures Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 403/452] nodemask.h: fix compilation error with GCC12 Greg Kroah-Hartman
` (55 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Xiaomeng Tong, Joerg Roedel
From: Xiaomeng Tong <xiam0nd.tong@gmail.com>
commit 8b9ad480bd1dd25f4ff4854af5685fa334a2f57a upstream.
The bug is here:
if (!iommu || iommu->dev->of_node != spec->np) {
The list iterator value 'iommu' will *always* be set and non-NULL by
list_for_each_entry(), so it is incorrect to assume that the iterator
value will be NULL if the list is empty or no element is found (in fact,
it will point to a invalid structure object containing HEAD).
To fix the bug, use a new value 'iter' as the list iterator, while use
the old value 'iommu' as a dedicated variable to point to the found one,
and remove the unneeded check for 'iommu->dev->of_node != spec->np'
outside the loop.
Cc: stable@vger.kernel.org
Fixes: f78ebca8ff3d6 ("iommu/msm: Add support for generic master bindings")
Signed-off-by: Xiaomeng Tong <xiam0nd.tong@gmail.com>
Link: https://lore.kernel.org/r/20220501132823.12714-1-xiam0nd.tong@gmail.com
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iommu/msm_iommu.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
--- a/drivers/iommu/msm_iommu.c
+++ b/drivers/iommu/msm_iommu.c
@@ -616,16 +616,19 @@ static void insert_iommu_master(struct d
static int qcom_iommu_of_xlate(struct device *dev,
struct of_phandle_args *spec)
{
- struct msm_iommu_dev *iommu;
+ struct msm_iommu_dev *iommu = NULL, *iter;
unsigned long flags;
int ret = 0;
spin_lock_irqsave(&msm_iommu_lock, flags);
- list_for_each_entry(iommu, &qcom_iommu_devices, dev_node)
- if (iommu->dev->of_node == spec->np)
+ list_for_each_entry(iter, &qcom_iommu_devices, dev_node) {
+ if (iter->dev->of_node == spec->np) {
+ iommu = iter;
break;
+ }
+ }
- if (!iommu || iommu->dev->of_node != spec->np) {
+ if (!iommu) {
ret = -ENODEV;
goto fail;
}
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 403/452] nodemask.h: fix compilation error with GCC12
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (401 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 402/452] iommu/msm: Fix an incorrect NULL check on list iterator Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 404/452] hugetlb: fix huge_pmd_unshare address update Greg Kroah-Hartman
` (54 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe de Dinechin,
Christophe de Dinechin, Andrew Morton, Ben Segall,
Michael S. Tsirkin, Steven Rostedt, Ingo Molnar, Mel Gorman,
Dietmar Eggemann, Vincent Guittot, Paolo Bonzini,
Daniel Bristot de Oliveira, Jason Wang, Zhen Lei, Juri Lelli,
Peter Zijlstra
From: Christophe de Dinechin <dinechin@redhat.com>
commit 37462a920392cb86541650a6f4121155f11f1199 upstream.
With gcc version 12.0.1 20220401 (Red Hat 12.0.1-0), building with
defconfig results in the following compilation error:
| CC mm/swapfile.o
| mm/swapfile.c: In function `setup_swap_info':
| mm/swapfile.c:2291:47: error: array subscript -1 is below array bounds
| of `struct plist_node[]' [-Werror=array-bounds]
| 2291 | p->avail_lists[i].prio = 1;
| | ~~~~~~~~~~~~~~^~~
| In file included from mm/swapfile.c:16:
| ./include/linux/swap.h:292:27: note: while referencing `avail_lists'
| 292 | struct plist_node avail_lists[]; /*
| | ^~~~~~~~~~~
This is due to the compiler detecting that the mask in
node_states[__state] could theoretically be zero, which would lead to
first_node() returning -1 through find_first_bit.
I believe that the warning/error is legitimate. I first tried adding a
test to check that the node mask is not emtpy, since a similar test exists
in the case where MAX_NUMNODES == 1.
However, adding the if statement causes other warnings to appear in
for_each_cpu_node_but, because it introduces a dangling else ambiguity.
And unfortunately, GCC is not smart enough to detect that the added test
makes the case where (node) == -1 impossible, so it still complains with
the same message.
This is why I settled on replacing that with a harmless, but relatively
useless (node) >= 0 test. Based on the warning for the dangling else, I
also decided to fix the case where MAX_NUMNODES == 1 by moving the
condition inside the for loop. It will still only be tested once. This
ensures that the meaning of an else following for_each_node_mask or
derivatives would not silently have a different meaning depending on the
configuration.
Link: https://lkml.kernel.org/r/20220414150855.2407137-3-dinechin@redhat.com
Signed-off-by: Christophe de Dinechin <christophe@dinechin.org>
Signed-off-by: Christophe de Dinechin <dinechin@redhat.com>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Ben Segall <bsegall@google.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Mel Gorman <mgorman@suse.de>
Cc: Dietmar Eggemann <dietmar.eggemann@arm.com>
Cc: Vincent Guittot <vincent.guittot@linaro.org>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Daniel Bristot de Oliveira <bristot@redhat.com>
Cc: Jason Wang <jasowang@redhat.com>
Cc: Zhen Lei <thunder.leizhen@huawei.com>
Cc: Juri Lelli <juri.lelli@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/nodemask.h | 13 ++++++-------
1 file changed, 6 insertions(+), 7 deletions(-)
--- a/include/linux/nodemask.h
+++ b/include/linux/nodemask.h
@@ -375,14 +375,13 @@ static inline void __nodes_fold(nodemask
}
#if MAX_NUMNODES > 1
-#define for_each_node_mask(node, mask) \
- for ((node) = first_node(mask); \
- (node) < MAX_NUMNODES; \
- (node) = next_node((node), (mask)))
+#define for_each_node_mask(node, mask) \
+ for ((node) = first_node(mask); \
+ (node >= 0) && (node) < MAX_NUMNODES; \
+ (node) = next_node((node), (mask)))
#else /* MAX_NUMNODES == 1 */
-#define for_each_node_mask(node, mask) \
- if (!nodes_empty(mask)) \
- for ((node) = 0; (node) < 1; (node)++)
+#define for_each_node_mask(node, mask) \
+ for ((node) = 0; (node) < 1 && !nodes_empty(mask); (node)++)
#endif /* MAX_NUMNODES */
/*
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 404/452] hugetlb: fix huge_pmd_unshare address update
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (402 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 403/452] nodemask.h: fix compilation error with GCC12 Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 405/452] xtensa/simdisk: fix proc_read_simdisk() Greg Kroah-Hartman
` (53 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mike Kravetz, Muchun Song, Andrew Morton
From: Mike Kravetz <mike.kravetz@oracle.com>
commit 48381273f8734d28ef56a5bdf1966dd8530111bc upstream.
The routine huge_pmd_unshare() is passed a pointer to an address
associated with an area which may be unshared. If unshare is successful
this address is updated to 'optimize' callers iterating over huge page
addresses. For the optimization to work correctly, address should be
updated to the last huge page in the unmapped/unshared area. However, in
the common case where the passed address is PUD_SIZE aligned, the address
is incorrectly updated to the address of the preceding huge page. That
wastes CPU cycles as the unmapped/unshared range is scanned twice.
Link: https://lkml.kernel.org/r/20220524205003.126184-1-mike.kravetz@oracle.com
Fixes: 39dde65c9940 ("shared page table for hugetlb page")
Signed-off-by: Mike Kravetz <mike.kravetz@oracle.com>
Acked-by: Muchun Song <songmuchun@bytedance.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/hugetlb.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
@@ -5465,7 +5465,14 @@ int huge_pmd_unshare(struct mm_struct *m
pud_clear(pud);
put_page(virt_to_page(ptep));
mm_dec_nr_pmds(mm);
- *addr = ALIGN(*addr, HPAGE_SIZE * PTRS_PER_PTE) - HPAGE_SIZE;
+ /*
+ * This update of passed address optimizes loops sequentially
+ * processing addresses in increments of huge page size (PMD_SIZE
+ * in this case). By clearing the pud, a PUD_SIZE area is unmapped.
+ * Update address to the 'last page' in the cleared area so that
+ * calling loop can move to first page past this area.
+ */
+ *addr |= PUD_SIZE - PMD_SIZE;
return 1;
}
#define want_pmd_share() (1)
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 405/452] xtensa/simdisk: fix proc_read_simdisk()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (403 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 404/452] hugetlb: fix huge_pmd_unshare address update Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 406/452] rtl818x: Prevent using not initialized queues Greg Kroah-Hartman
` (52 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Yi Yang, Max Filippov
From: Yi Yang <yiyang13@huawei.com>
commit b011946d039d66bbc7102137e98cc67e1356aa87 upstream.
The commit a69755b18774 ("xtensa simdisk: switch to proc_create_data()")
split read operation into two parts, first retrieving the path when it's
non-null and second retrieving the trailing '\n'. However when the path
is non-null the first simple_read_from_buffer updates ppos, and the
second simple_read_from_buffer returns 0 if ppos is greater than 1 (i.e.
almost always). As a result reading from that proc file is almost always
empty.
Fix it by making a temporary copy of the path with the trailing '\n' and
using simple_read_from_buffer on that copy.
Cc: stable@vger.kernel.org
Fixes: a69755b18774 ("xtensa simdisk: switch to proc_create_data()")
Signed-off-by: Yi Yang <yiyang13@huawei.com>
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/xtensa/platforms/iss/simdisk.c | 18 ++++++++++++------
1 file changed, 12 insertions(+), 6 deletions(-)
--- a/arch/xtensa/platforms/iss/simdisk.c
+++ b/arch/xtensa/platforms/iss/simdisk.c
@@ -213,12 +213,18 @@ static ssize_t proc_read_simdisk(struct
struct simdisk *dev = PDE_DATA(file_inode(file));
const char *s = dev->filename;
if (s) {
- ssize_t n = simple_read_from_buffer(buf, size, ppos,
- s, strlen(s));
- if (n < 0)
- return n;
- buf += n;
- size -= n;
+ ssize_t len = strlen(s);
+ char *temp = kmalloc(len + 2, GFP_KERNEL);
+
+ if (!temp)
+ return -ENOMEM;
+
+ len = scnprintf(temp, len + 2, "%s\n", s);
+ len = simple_read_from_buffer(buf, size, ppos,
+ temp, len);
+
+ kfree(temp);
+ return len;
}
return simple_read_from_buffer(buf, size, ppos, "\n", 1);
}
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 406/452] rtl818x: Prevent using not initialized queues
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (404 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 405/452] xtensa/simdisk: fix proc_read_simdisk() Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 407/452] ASoC: rt5514: Fix event generation for "DSP Voice Wake Up" control Greg Kroah-Hartman
` (51 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, pa, Alexander Wetzel, Kalle Valo
From: Alexander Wetzel <alexander@wetzel-home.de>
commit 746285cf81dc19502ab238249d75f5990bd2d231 upstream.
Using not existing queues can panic the kernel with rtl8180/rtl8185 cards.
Ignore the skb priority for those cards, they only have one tx queue. Pierre
Asselin (pa@panix.com) reported the kernel crash in the Gentoo forum:
https://forums.gentoo.org/viewtopic-t-1147832-postdays-0-postorder-asc-start-25.html
He also confirmed that this patch fixes the issue. In summary this happened:
After updating wpa_supplicant from 2.9 to 2.10 the kernel crashed with a
"divide error: 0000" when connecting to an AP. Control port tx now tries to
use IEEE80211_AC_VO for the priority, which wpa_supplicants starts to use in
2.10.
Since only the rtl8187se part of the driver supports QoS, the priority
of the skb is set to IEEE80211_AC_BE (2) by mac80211 for rtl8180/rtl8185
cards.
rtl8180 is then unconditionally reading out the priority and finally crashes on
drivers/net/wireless/realtek/rtl818x/rtl8180/dev.c line 544 without this
patch:
idx = (ring->idx + skb_queue_len(&ring->queue)) % ring->entries
"ring->entries" is zero for rtl8180/rtl8185 cards, tx_ring[2] never got
initialized.
Cc: stable@vger.kernel.org
Reported-by: pa@panix.com
Tested-by: pa@panix.com
Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220422145228.7567-1-alexander@wetzel-home.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/realtek/rtl818x/rtl8180/dev.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--- a/drivers/net/wireless/realtek/rtl818x/rtl8180/dev.c
+++ b/drivers/net/wireless/realtek/rtl818x/rtl8180/dev.c
@@ -460,8 +460,10 @@ static void rtl8180_tx(struct ieee80211_
struct rtl8180_priv *priv = dev->priv;
struct rtl8180_tx_ring *ring;
struct rtl8180_tx_desc *entry;
+ unsigned int prio = 0;
unsigned long flags;
- unsigned int idx, prio, hw_prio;
+ unsigned int idx, hw_prio;
+
dma_addr_t mapping;
u32 tx_flags;
u8 rc_flags;
@@ -470,7 +472,9 @@ static void rtl8180_tx(struct ieee80211_
/* do arithmetic and then convert to le16 */
u16 frame_duration = 0;
- prio = skb_get_queue_mapping(skb);
+ /* rtl8180/rtl8185 only has one useable tx queue */
+ if (dev->queues > IEEE80211_AC_BK)
+ prio = skb_get_queue_mapping(skb);
ring = &priv->tx_ring[prio];
mapping = dma_map_single(&priv->pdev->dev, skb->data, skb->len,
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 407/452] ASoC: rt5514: Fix event generation for "DSP Voice Wake Up" control
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (405 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 406/452] rtl818x: Prevent using not initialized queues Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 408/452] carl9170: tx: fix an incorrect use of list iterator Greg Kroah-Hartman
` (50 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Mark Brown
From: Mark Brown <broonie@kernel.org>
commit 4213ff556740bb45e2d9ff0f50d056c4e7dd0921 upstream.
The driver has a custom put function for "DSP Voice Wake Up" which does
not generate event notifications on change, instead returning 0. Since we
already exit early in the case that there is no change this can be fixed
by unconditionally returning 1 at the end of the function.
Signed-off-by: Mark Brown <broonie@kernel.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20220428162444.3883147-1-broonie@kernel.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/soc/codecs/rt5514.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/sound/soc/codecs/rt5514.c
+++ b/sound/soc/codecs/rt5514.c
@@ -419,7 +419,7 @@ static int rt5514_dsp_voice_wake_up_put(
}
}
- return 0;
+ return 1;
}
static const struct snd_kcontrol_new rt5514_snd_controls[] = {
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 408/452] carl9170: tx: fix an incorrect use of list iterator
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (406 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 407/452] ASoC: rt5514: Fix event generation for "DSP Voice Wake Up" control Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 409/452] stm: ltdc: fix two incorrect NULL checks on " Greg Kroah-Hartman
` (49 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Xiaomeng Tong, Christian Lamparter,
Kalle Valo
From: Xiaomeng Tong <xiam0nd.tong@gmail.com>
commit 54a6f29522da3c914da30e50721dedf51046449a upstream.
If the previous list_for_each_entry_continue_rcu() don't exit early
(no goto hit inside the loop), the iterator 'cvif' after the loop
will be a bogus pointer to an invalid structure object containing
the HEAD (&ar->vif_list). As a result, the use of 'cvif' after that
will lead to a invalid memory access (i.e., 'cvif->id': the invalid
pointer dereference when return back to/after the callsite in the
carl9170_update_beacon()).
The original intention should have been to return the valid 'cvif'
when found in list, NULL otherwise. So just return NULL when no
entry found, to fix this bug.
Cc: stable@vger.kernel.org
Fixes: 1f1d9654e183c ("carl9170: refactor carl9170_update_beacon")
Signed-off-by: Xiaomeng Tong <xiam0nd.tong@gmail.com>
Acked-by: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20220328122820.1004-1-xiam0nd.tong@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/ath/carl9170/tx.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/net/wireless/ath/carl9170/tx.c
+++ b/drivers/net/wireless/ath/carl9170/tx.c
@@ -1557,6 +1557,9 @@ static struct carl9170_vif_info *carl917
goto out;
}
} while (ar->beacon_enabled && i--);
+
+ /* no entry found in list */
+ return NULL;
}
out:
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 409/452] stm: ltdc: fix two incorrect NULL checks on list iterator
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (407 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 408/452] carl9170: tx: fix an incorrect use of list iterator Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 410/452] bcache: improve multithreaded bch_btree_check() Greg Kroah-Hartman
` (48 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Xiaomeng Tong, Raphael Gallais-Pou,
Philippe Cornu
From: Xiaomeng Tong <xiam0nd.tong@gmail.com>
commit 2e6c86be0e57079d1fb6c7c7e5423db096d0548a upstream.
The two bugs are here:
if (encoder) {
if (bridge && bridge->timings)
The list iterator value 'encoder/bridge' will *always* be set and
non-NULL by drm_for_each_encoder()/list_for_each_entry(), so it is
incorrect to assume that the iterator value will be NULL if the
list is empty or no element is found.
To fix the bug, use a new variable '*_iter' as the list iterator,
while use the old variable 'encoder/bridge' as a dedicated pointer
to point to the found element.
Cc: stable@vger.kernel.org
Fixes: 99e360442f223 ("drm/stm: Fix bus_flags handling")
Signed-off-by: Xiaomeng Tong <xiam0nd.tong@gmail.com>
Acked-by: Raphael Gallais-Pou <raphael.gallais-pou@foss.st.com>
Signed-off-by: Philippe Cornu <philippe.cornu@foss.st.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20220327055355.3808-1-xiam0nd.tong@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/stm/ltdc.c | 16 ++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-)
--- a/drivers/gpu/drm/stm/ltdc.c
+++ b/drivers/gpu/drm/stm/ltdc.c
@@ -527,8 +527,8 @@ static void ltdc_crtc_mode_set_nofb(stru
struct drm_device *ddev = crtc->dev;
struct drm_connector_list_iter iter;
struct drm_connector *connector = NULL;
- struct drm_encoder *encoder = NULL;
- struct drm_bridge *bridge = NULL;
+ struct drm_encoder *encoder = NULL, *en_iter;
+ struct drm_bridge *bridge = NULL, *br_iter;
struct drm_display_mode *mode = &crtc->state->adjusted_mode;
struct videomode vm;
u32 hsync, vsync, accum_hbp, accum_vbp, accum_act_w, accum_act_h;
@@ -538,15 +538,19 @@ static void ltdc_crtc_mode_set_nofb(stru
int ret;
/* get encoder from crtc */
- drm_for_each_encoder(encoder, ddev)
- if (encoder->crtc == crtc)
+ drm_for_each_encoder(en_iter, ddev)
+ if (en_iter->crtc == crtc) {
+ encoder = en_iter;
break;
+ }
if (encoder) {
/* get bridge from encoder */
- list_for_each_entry(bridge, &encoder->bridge_chain, chain_node)
- if (bridge->encoder == encoder)
+ list_for_each_entry(br_iter, &encoder->bridge_chain, chain_node)
+ if (br_iter->encoder == encoder) {
+ bridge = br_iter;
break;
+ }
/* Get the connector from encoder */
drm_connector_list_iter_begin(ddev, &iter);
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 410/452] bcache: improve multithreaded bch_btree_check()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (408 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 409/452] stm: ltdc: fix two incorrect NULL checks on " Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 411/452] bcache: improve multithreaded bch_sectors_dirty_init() Greg Kroah-Hartman
` (47 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Coly Li, Jens Axboe
From: Coly Li <colyli@suse.de>
commit 622536443b6731ec82c563aae7807165adbe9178 upstream.
Commit 8e7102273f59 ("bcache: make bch_btree_check() to be
multithreaded") makes bch_btree_check() to be much faster when checking
all btree nodes during cache device registration. But it isn't in ideal
shap yet, still can be improved.
This patch does the following thing to improve current parallel btree
nodes check by multiple threads in bch_btree_check(),
- Add read lock to root node while checking all the btree nodes with
multiple threads. Although currently it is not mandatory but it is
good to have a read lock in code logic.
- Remove local variable 'char name[32]', and generate kernel thread name
string directly when calling kthread_run().
- Allocate local variable "struct btree_check_state check_state" on the
stack and avoid unnecessary dynamic memory allocation for it.
- Reduce BCH_BTR_CHKTHREAD_MAX from 64 to 12 which is enough indeed.
- Increase check_state->started to count created kernel thread after it
succeeds to create.
- When wait for all checking kernel threads to finish, use wait_event()
to replace wait_event_interruptible().
With this change, the code is more clear, and some potential error
conditions are avoided.
Fixes: 8e7102273f59 ("bcache: make bch_btree_check() to be multithreaded")
Signed-off-by: Coly Li <colyli@suse.de>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20220524102336.10684-2-colyli@suse.de
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/bcache/btree.c | 58 ++++++++++++++++++++--------------------------
drivers/md/bcache/btree.h | 2 -
2 files changed, 27 insertions(+), 33 deletions(-)
--- a/drivers/md/bcache/btree.c
+++ b/drivers/md/bcache/btree.c
@@ -2006,8 +2006,7 @@ int bch_btree_check(struct cache_set *c)
int i;
struct bkey *k = NULL;
struct btree_iter iter;
- struct btree_check_state *check_state;
- char name[32];
+ struct btree_check_state check_state;
/* check and mark root node keys */
for_each_key_filter(&c->root->keys, k, &iter, bch_ptr_invalid)
@@ -2018,63 +2017,58 @@ int bch_btree_check(struct cache_set *c)
if (c->root->level == 0)
return 0;
- check_state = kzalloc(sizeof(struct btree_check_state), GFP_KERNEL);
- if (!check_state)
- return -ENOMEM;
-
- check_state->c = c;
- check_state->total_threads = bch_btree_chkthread_nr();
- check_state->key_idx = 0;
- spin_lock_init(&check_state->idx_lock);
- atomic_set(&check_state->started, 0);
- atomic_set(&check_state->enough, 0);
- init_waitqueue_head(&check_state->wait);
+ check_state.c = c;
+ check_state.total_threads = bch_btree_chkthread_nr();
+ check_state.key_idx = 0;
+ spin_lock_init(&check_state.idx_lock);
+ atomic_set(&check_state.started, 0);
+ atomic_set(&check_state.enough, 0);
+ init_waitqueue_head(&check_state.wait);
+ rw_lock(0, c->root, c->root->level);
/*
* Run multiple threads to check btree nodes in parallel,
- * if check_state->enough is non-zero, it means current
+ * if check_state.enough is non-zero, it means current
* running check threads are enough, unncessary to create
* more.
*/
- for (i = 0; i < check_state->total_threads; i++) {
- /* fetch latest check_state->enough earlier */
+ for (i = 0; i < check_state.total_threads; i++) {
+ /* fetch latest check_state.enough earlier */
smp_mb__before_atomic();
- if (atomic_read(&check_state->enough))
+ if (atomic_read(&check_state.enough))
break;
- check_state->infos[i].result = 0;
- check_state->infos[i].state = check_state;
- snprintf(name, sizeof(name), "bch_btrchk[%u]", i);
- atomic_inc(&check_state->started);
+ check_state.infos[i].result = 0;
+ check_state.infos[i].state = &check_state;
- check_state->infos[i].thread =
+ check_state.infos[i].thread =
kthread_run(bch_btree_check_thread,
- &check_state->infos[i],
- name);
- if (IS_ERR(check_state->infos[i].thread)) {
+ &check_state.infos[i],
+ "bch_btrchk[%d]", i);
+ if (IS_ERR(check_state.infos[i].thread)) {
pr_err("fails to run thread bch_btrchk[%d]\n", i);
for (--i; i >= 0; i--)
- kthread_stop(check_state->infos[i].thread);
+ kthread_stop(check_state.infos[i].thread);
ret = -ENOMEM;
goto out;
}
+ atomic_inc(&check_state.started);
}
/*
* Must wait for all threads to stop.
*/
- wait_event_interruptible(check_state->wait,
- atomic_read(&check_state->started) == 0);
+ wait_event(check_state.wait, atomic_read(&check_state.started) == 0);
- for (i = 0; i < check_state->total_threads; i++) {
- if (check_state->infos[i].result) {
- ret = check_state->infos[i].result;
+ for (i = 0; i < check_state.total_threads; i++) {
+ if (check_state.infos[i].result) {
+ ret = check_state.infos[i].result;
goto out;
}
}
out:
- kfree(check_state);
+ rw_unlock(0, c->root);
return ret;
}
--- a/drivers/md/bcache/btree.h
+++ b/drivers/md/bcache/btree.h
@@ -226,7 +226,7 @@ struct btree_check_info {
int result;
};
-#define BCH_BTR_CHKTHREAD_MAX 64
+#define BCH_BTR_CHKTHREAD_MAX 12
struct btree_check_state {
struct cache_set *c;
int total_threads;
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 411/452] bcache: improve multithreaded bch_sectors_dirty_init()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (409 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 410/452] bcache: improve multithreaded bch_btree_check() Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 412/452] bcache: remove incremental dirty sector counting for bch_sectors_dirty_init() Greg Kroah-Hartman
` (46 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Coly Li, Jens Axboe
From: Coly Li <colyli@suse.de>
commit 4dc34ae1b45fe26e772a44379f936c72623dd407 upstream.
Commit b144e45fc576 ("bcache: make bch_sectors_dirty_init() to be
multithreaded") makes bch_sectors_dirty_init() to be much faster
when counting dirty sectors by iterating all dirty keys in the btree.
But it isn't in ideal shape yet, still can be improved.
This patch does the following changes to improve current parallel dirty
keys iteration on the btree,
- Add read lock to root node when multiple threads iterating the btree,
to prevent the root node gets split by I/Os from other registered
bcache devices.
- Remove local variable "char name[32]" and generate kernel thread name
string directly when calling kthread_run().
- Allocate "struct bch_dirty_init_state state" directly on stack and
avoid the unnecessary dynamic memory allocation for it.
- Decrease BCH_DIRTY_INIT_THRD_MAX from 64 to 12 which is enough indeed.
- Increase &state->started to count created kernel thread after it
succeeds to create.
- When wait for all dirty key counting threads to finish, use
wait_event() to replace wait_event_interruptible().
With the above changes, the code is more clear, and some potential error
conditions are avoided.
Fixes: b144e45fc576 ("bcache: make bch_sectors_dirty_init() to be multithreaded")
Signed-off-by: Coly Li <colyli@suse.de>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20220524102336.10684-3-colyli@suse.de
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/bcache/writeback.c | 60 ++++++++++++++++--------------------------
drivers/md/bcache/writeback.h | 2 -
2 files changed, 25 insertions(+), 37 deletions(-)
--- a/drivers/md/bcache/writeback.c
+++ b/drivers/md/bcache/writeback.c
@@ -899,10 +899,10 @@ void bch_sectors_dirty_init(struct bcach
struct btree_iter iter;
struct sectors_dirty_init op;
struct cache_set *c = d->c;
- struct bch_dirty_init_state *state;
- char name[32];
+ struct bch_dirty_init_state state;
/* Just count root keys if no leaf node */
+ rw_lock(0, c->root, c->root->level);
if (c->root->level == 0) {
bch_btree_op_init(&op.op, -1);
op.inode = d->id;
@@ -912,54 +912,42 @@ void bch_sectors_dirty_init(struct bcach
for_each_key_filter(&c->root->keys,
k, &iter, bch_ptr_invalid)
sectors_dirty_init_fn(&op.op, c->root, k);
+ rw_unlock(0, c->root);
return;
}
- state = kzalloc(sizeof(struct bch_dirty_init_state), GFP_KERNEL);
- if (!state) {
- pr_warn("sectors dirty init failed: cannot allocate memory\n");
- return;
- }
+ state.c = c;
+ state.d = d;
+ state.total_threads = bch_btre_dirty_init_thread_nr();
+ state.key_idx = 0;
+ spin_lock_init(&state.idx_lock);
+ atomic_set(&state.started, 0);
+ atomic_set(&state.enough, 0);
+ init_waitqueue_head(&state.wait);
- state->c = c;
- state->d = d;
- state->total_threads = bch_btre_dirty_init_thread_nr();
- state->key_idx = 0;
- spin_lock_init(&state->idx_lock);
- atomic_set(&state->started, 0);
- atomic_set(&state->enough, 0);
- init_waitqueue_head(&state->wait);
-
- for (i = 0; i < state->total_threads; i++) {
- /* Fetch latest state->enough earlier */
+ for (i = 0; i < state.total_threads; i++) {
+ /* Fetch latest state.enough earlier */
smp_mb__before_atomic();
- if (atomic_read(&state->enough))
+ if (atomic_read(&state.enough))
break;
- state->infos[i].state = state;
- atomic_inc(&state->started);
- snprintf(name, sizeof(name), "bch_dirty_init[%d]", i);
-
- state->infos[i].thread =
- kthread_run(bch_dirty_init_thread,
- &state->infos[i],
- name);
- if (IS_ERR(state->infos[i].thread)) {
+ state.infos[i].state = &state;
+ state.infos[i].thread =
+ kthread_run(bch_dirty_init_thread, &state.infos[i],
+ "bch_dirtcnt[%d]", i);
+ if (IS_ERR(state.infos[i].thread)) {
pr_err("fails to run thread bch_dirty_init[%d]\n", i);
for (--i; i >= 0; i--)
- kthread_stop(state->infos[i].thread);
+ kthread_stop(state.infos[i].thread);
goto out;
}
+ atomic_inc(&state.started);
}
- /*
- * Must wait for all threads to stop.
- */
- wait_event_interruptible(state->wait,
- atomic_read(&state->started) == 0);
-
out:
- kfree(state);
+ /* Must wait for all threads to stop. */
+ wait_event(state.wait, atomic_read(&state.started) == 0);
+ rw_unlock(0, c->root);
}
void bch_cached_dev_writeback_init(struct cached_dev *dc)
--- a/drivers/md/bcache/writeback.h
+++ b/drivers/md/bcache/writeback.h
@@ -16,7 +16,7 @@
#define BCH_AUTO_GC_DIRTY_THRESHOLD 50
-#define BCH_DIRTY_INIT_THRD_MAX 64
+#define BCH_DIRTY_INIT_THRD_MAX 12
/*
* 14 (16384ths) is chosen here as something that each backing device
* should be a reasonable fraction of the share, and not to blow up
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 412/452] bcache: remove incremental dirty sector counting for bch_sectors_dirty_init()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (410 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 411/452] bcache: improve multithreaded bch_sectors_dirty_init() Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 413/452] bcache: avoid journal no-space deadlock by reserving 1 journal bucket Greg Kroah-Hartman
` (45 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Coly Li, Jens Axboe
From: Coly Li <colyli@suse.de>
commit 80db4e4707e78cb22287da7d058d7274bd4cb370 upstream.
After making bch_sectors_dirty_init() being multithreaded, the existing
incremental dirty sector counting in bch_root_node_dirty_init() doesn't
release btree occupation after iterating 500000 (INIT_KEYS_EACH_TIME)
bkeys. Because a read lock is added on btree root node to prevent the
btree to be split during the dirty sectors counting, other I/O requester
has no chance to gain the write lock even restart bcache_btree().
That is to say, the incremental dirty sectors counting is incompatible
to the multhreaded bch_sectors_dirty_init(). We have to choose one and
drop another one.
In my testing, with 512 bytes random writes, I generate 1.2T dirty data
and a btree with 400K nodes. With single thread and incremental dirty
sectors counting, it takes 30+ minites to register the backing device.
And with multithreaded dirty sectors counting, the backing device
registration can be accomplished within 2 minutes.
The 30+ minutes V.S. 2- minutes difference makes me decide to keep
multithreaded bch_sectors_dirty_init() and drop the incremental dirty
sectors counting. This is what this patch does.
But INIT_KEYS_EACH_TIME is kept, in sectors_dirty_init_fn() the CPU
will be released by cond_resched() after every INIT_KEYS_EACH_TIME keys
iterated. This is to avoid the watchdog reports a bogus soft lockup
warning.
Fixes: b144e45fc576 ("bcache: make bch_sectors_dirty_init() to be multithreaded")
Signed-off-by: Coly Li <colyli@suse.de>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20220524102336.10684-4-colyli@suse.de
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/bcache/writeback.c | 39 ++++++++++++---------------------------
1 file changed, 12 insertions(+), 27 deletions(-)
--- a/drivers/md/bcache/writeback.c
+++ b/drivers/md/bcache/writeback.c
@@ -756,13 +756,11 @@ static int bch_writeback_thread(void *ar
/* Init */
#define INIT_KEYS_EACH_TIME 500000
-#define INIT_KEYS_SLEEP_MS 100
struct sectors_dirty_init {
struct btree_op op;
unsigned int inode;
size_t count;
- struct bkey start;
};
static int sectors_dirty_init_fn(struct btree_op *_op, struct btree *b,
@@ -778,11 +776,8 @@ static int sectors_dirty_init_fn(struct
KEY_START(k), KEY_SIZE(k));
op->count++;
- if (atomic_read(&b->c->search_inflight) &&
- !(op->count % INIT_KEYS_EACH_TIME)) {
- bkey_copy_key(&op->start, k);
- return -EAGAIN;
- }
+ if (!(op->count % INIT_KEYS_EACH_TIME))
+ cond_resched();
return MAP_CONTINUE;
}
@@ -797,24 +792,16 @@ static int bch_root_node_dirty_init(stru
bch_btree_op_init(&op.op, -1);
op.inode = d->id;
op.count = 0;
- op.start = KEY(op.inode, 0, 0);
- do {
- ret = bcache_btree(map_keys_recurse,
- k,
- c->root,
- &op.op,
- &op.start,
- sectors_dirty_init_fn,
- 0);
- if (ret == -EAGAIN)
- schedule_timeout_interruptible(
- msecs_to_jiffies(INIT_KEYS_SLEEP_MS));
- else if (ret < 0) {
- pr_warn("sectors dirty init failed, ret=%d!\n", ret);
- break;
- }
- } while (ret == -EAGAIN);
+ ret = bcache_btree(map_keys_recurse,
+ k,
+ c->root,
+ &op.op,
+ &KEY(op.inode, 0, 0),
+ sectors_dirty_init_fn,
+ 0);
+ if (ret < 0)
+ pr_warn("sectors dirty init failed, ret=%d!\n", ret);
return ret;
}
@@ -858,7 +845,6 @@ static int bch_dirty_init_thread(void *a
goto out;
}
skip_nr--;
- cond_resched();
}
if (p) {
@@ -868,7 +854,6 @@ static int bch_dirty_init_thread(void *a
p = NULL;
prev_idx = cur_idx;
- cond_resched();
}
out:
@@ -907,11 +892,11 @@ void bch_sectors_dirty_init(struct bcach
bch_btree_op_init(&op.op, -1);
op.inode = d->id;
op.count = 0;
- op.start = KEY(op.inode, 0, 0);
for_each_key_filter(&c->root->keys,
k, &iter, bch_ptr_invalid)
sectors_dirty_init_fn(&op.op, c->root, k);
+
rw_unlock(0, c->root);
return;
}
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 413/452] bcache: avoid journal no-space deadlock by reserving 1 journal bucket
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (411 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 412/452] bcache: remove incremental dirty sector counting for bch_sectors_dirty_init() Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 414/452] serial: pch: dont overwrite xmit->buf[0] by x_char Greg Kroah-Hartman
` (44 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nikhil Kshirsagar, Coly Li, Jens Axboe
From: Coly Li <colyli@suse.de>
commit 32feee36c30ea06e38ccb8ae6e5c44c6eec790a6 upstream.
The journal no-space deadlock was reported time to time. Such deadlock
can happen in the following situation.
When all journal buckets are fully filled by active jset with heavy
write I/O load, the cache set registration (after a reboot) will load
all active jsets and inserting them into the btree again (which is
called journal replay). If a journaled bkey is inserted into a btree
node and results btree node split, new journal request might be
triggered. For example, the btree grows one more level after the node
split, then the root node record in cache device super block will be
upgrade by bch_journal_meta() from bch_btree_set_root(). But there is no
space in journal buckets, the journal replay has to wait for new journal
bucket to be reclaimed after at least one journal bucket replayed. This
is one example that how the journal no-space deadlock happens.
The solution to avoid the deadlock is to reserve 1 journal bucket in
run time, and only permit the reserved journal bucket to be used during
cache set registration procedure for things like journal replay. Then
the journal space will never be fully filled, there is no chance for
journal no-space deadlock to happen anymore.
This patch adds a new member "bool do_reserve" in struct journal, it is
inititalized to 0 (false) when struct journal is allocated, and set to
1 (true) by bch_journal_space_reserve() when all initialization done in
run_cache_set(). In the run time when journal_reclaim() tries to
allocate a new journal bucket, free_journal_buckets() is called to check
whether there are enough free journal buckets to use. If there is only
1 free journal bucket and journal->do_reserve is 1 (true), the last
bucket is reserved and free_journal_buckets() will return 0 to indicate
no free journal bucket. Then journal_reclaim() will give up, and try
next time to see whetheer there is free journal bucket to allocate. By
this method, there is always 1 jouranl bucket reserved in run time.
During the cache set registration, journal->do_reserve is 0 (false), so
the reserved journal bucket can be used to avoid the no-space deadlock.
Reported-by: Nikhil Kshirsagar <nkshirsagar@gmail.com>
Signed-off-by: Coly Li <colyli@suse.de>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20220524102336.10684-5-colyli@suse.de
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/bcache/journal.c | 31 ++++++++++++++++++++++++++-----
drivers/md/bcache/journal.h | 2 ++
drivers/md/bcache/super.c | 1 +
3 files changed, 29 insertions(+), 5 deletions(-)
--- a/drivers/md/bcache/journal.c
+++ b/drivers/md/bcache/journal.c
@@ -407,6 +407,11 @@ err:
return ret;
}
+void bch_journal_space_reserve(struct journal *j)
+{
+ j->do_reserve = true;
+}
+
/* Journalling */
static void btree_flush_write(struct cache_set *c)
@@ -625,12 +630,30 @@ static void do_journal_discard(struct ca
}
}
+static unsigned int free_journal_buckets(struct cache_set *c)
+{
+ struct journal *j = &c->journal;
+ struct cache *ca = c->cache;
+ struct journal_device *ja = &c->cache->journal;
+ unsigned int n;
+
+ /* In case njournal_buckets is not power of 2 */
+ if (ja->cur_idx >= ja->discard_idx)
+ n = ca->sb.njournal_buckets + ja->discard_idx - ja->cur_idx;
+ else
+ n = ja->discard_idx - ja->cur_idx;
+
+ if (n > (1 + j->do_reserve))
+ return n - (1 + j->do_reserve);
+
+ return 0;
+}
+
static void journal_reclaim(struct cache_set *c)
{
struct bkey *k = &c->journal.key;
struct cache *ca = c->cache;
uint64_t last_seq;
- unsigned int next;
struct journal_device *ja = &ca->journal;
atomic_t p __maybe_unused;
@@ -653,12 +676,10 @@ static void journal_reclaim(struct cache
if (c->journal.blocks_free)
goto out;
- next = (ja->cur_idx + 1) % ca->sb.njournal_buckets;
- /* No space available on this device */
- if (next == ja->discard_idx)
+ if (!free_journal_buckets(c))
goto out;
- ja->cur_idx = next;
+ ja->cur_idx = (ja->cur_idx + 1) % ca->sb.njournal_buckets;
k->ptr[0] = MAKE_PTR(0,
bucket_to_sector(c, ca->sb.d[ja->cur_idx]),
ca->sb.nr_this_dev);
--- a/drivers/md/bcache/journal.h
+++ b/drivers/md/bcache/journal.h
@@ -105,6 +105,7 @@ struct journal {
spinlock_t lock;
spinlock_t flush_write_lock;
bool btree_flushing;
+ bool do_reserve;
/* used when waiting because the journal was full */
struct closure_waitlist wait;
struct closure io;
@@ -182,5 +183,6 @@ int bch_journal_replay(struct cache_set
void bch_journal_free(struct cache_set *c);
int bch_journal_alloc(struct cache_set *c);
+void bch_journal_space_reserve(struct journal *j);
#endif /* _BCACHE_JOURNAL_H */
--- a/drivers/md/bcache/super.c
+++ b/drivers/md/bcache/super.c
@@ -2150,6 +2150,7 @@ static int run_cache_set(struct cache_se
flash_devs_run(c);
+ bch_journal_space_reserve(&c->journal);
set_bit(CACHE_SET_RUNNING, &c->flags);
return 0;
err:
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 414/452] serial: pch: dont overwrite xmit->buf[0] by x_char
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (412 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 413/452] bcache: avoid journal no-space deadlock by reserving 1 journal bucket Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 415/452] tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator Greg Kroah-Hartman
` (43 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jiri Slaby
From: Jiri Slaby <jslaby@suse.cz>
commit d9f3af4fbb1d955bbaf872d9e76502f6e3e803cb upstream.
When x_char is to be sent, the TX path overwrites whatever is in the
circular buffer at offset 0 with x_char and sends it using
pch_uart_hal_write(). I don't understand how this was supposed to work
if xmit->buf[0] already contained some character. It must have been
lost.
Remove this whole pop_tx_x() concept and do the work directly in the
callers. (Without printing anything using dev_dbg().)
Cc: <stable@vger.kernel.org>
Fixes: 3c6a483275f4 (Serial: EG20T: add PCH_UART driver)
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Link: https://lore.kernel.org/r/20220503080808.28332-1-jslaby@suse.cz
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/serial/pch_uart.c | 27 +++++++--------------------
1 file changed, 7 insertions(+), 20 deletions(-)
--- a/drivers/tty/serial/pch_uart.c
+++ b/drivers/tty/serial/pch_uart.c
@@ -628,22 +628,6 @@ static int push_rx(struct eg20t_port *pr
return 0;
}
-static int pop_tx_x(struct eg20t_port *priv, unsigned char *buf)
-{
- int ret = 0;
- struct uart_port *port = &priv->port;
-
- if (port->x_char) {
- dev_dbg(priv->port.dev, "%s:X character send %02x (%lu)\n",
- __func__, port->x_char, jiffies);
- buf[0] = port->x_char;
- port->x_char = 0;
- ret = 1;
- }
-
- return ret;
-}
-
static int dma_push_rx(struct eg20t_port *priv, int size)
{
int room;
@@ -893,9 +877,10 @@ static unsigned int handle_tx(struct eg2
fifo_size = max(priv->fifo_size, 1);
tx_empty = 1;
- if (pop_tx_x(priv, xmit->buf)) {
- pch_uart_hal_write(priv, xmit->buf, 1);
+ if (port->x_char) {
+ pch_uart_hal_write(priv, &port->x_char, 1);
port->icount.tx++;
+ port->x_char = 0;
tx_empty = 0;
fifo_size--;
}
@@ -950,9 +935,11 @@ static unsigned int dma_handle_tx(struct
}
fifo_size = max(priv->fifo_size, 1);
- if (pop_tx_x(priv, xmit->buf)) {
- pch_uart_hal_write(priv, xmit->buf, 1);
+
+ if (port->x_char) {
+ pch_uart_hal_write(priv, &port->x_char, 1);
port->icount.tx++;
+ port->x_char = 0;
fifo_size--;
}
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 415/452] tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (413 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 414/452] serial: pch: dont overwrite xmit->buf[0] by x_char Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 416/452] gma500: " Greg Kroah-Hartman
` (42 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Xiaomeng Tong, Jyri Sarha
From: Xiaomeng Tong <xiam0nd.tong@gmail.com>
commit 8b917cbe38e9b0d002492477a9fc2bfee2412ce4 upstream.
The bug is here:
if (!encoder) {
The list iterator value 'encoder' will *always* be set and non-NULL
by list_for_each_entry(), so it is incorrect to assume that the
iterator value will be NULL if the list is empty or no element
is found.
To fix the bug, use a new variable 'iter' as the list iterator,
while use the original variable 'encoder' as a dedicated pointer
to point to the found element.
Cc: stable@vger.kernel.org
Fixes: ec9eab097a500 ("drm/tilcdc: Add drm bridge support for attaching drm bridge drivers")
Signed-off-by: Xiaomeng Tong <xiam0nd.tong@gmail.com>
Reviewed-by: Jyri Sarha <jyri.sarha@iki.fi>
Tested-by: Jyri Sarha <jyri.sarha@iki.fi>
Signed-off-by: Jyri Sarha <jyri.sarha@iki.fi>
Link: https://patchwork.freedesktop.org/patch/msgid/20220327061516.5076-1-xiam0nd.tong@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/tilcdc/tilcdc_external.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
--- a/drivers/gpu/drm/tilcdc/tilcdc_external.c
+++ b/drivers/gpu/drm/tilcdc/tilcdc_external.c
@@ -60,11 +60,13 @@ struct drm_connector *tilcdc_encoder_fin
int tilcdc_add_component_encoder(struct drm_device *ddev)
{
struct tilcdc_drm_private *priv = ddev->dev_private;
- struct drm_encoder *encoder;
+ struct drm_encoder *encoder = NULL, *iter;
- list_for_each_entry(encoder, &ddev->mode_config.encoder_list, head)
- if (encoder->possible_crtcs & (1 << priv->crtc->index))
+ list_for_each_entry(iter, &ddev->mode_config.encoder_list, head)
+ if (iter->possible_crtcs & (1 << priv->crtc->index)) {
+ encoder = iter;
break;
+ }
if (!encoder) {
dev_err(ddev->dev, "%s: No suitable encoder found\n", __func__);
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 416/452] gma500: fix an incorrect NULL check on list iterator
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (414 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 415/452] tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 417/452] arm64: dts: qcom: ipq8074: fix the sleep clock frequency Greg Kroah-Hartman
` (41 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Xiaomeng Tong, Patrik Jakobsson
From: Xiaomeng Tong <xiam0nd.tong@gmail.com>
commit bdef417d84536715145f6dc9cc3275c46f26295a upstream.
The bug is here:
return crtc;
The list iterator value 'crtc' will *always* be set and non-NULL by
list_for_each_entry(), so it is incorrect to assume that the iterator
value will be NULL if the list is empty or no element is found.
To fix the bug, return 'crtc' when found, otherwise return NULL.
Cc: stable@vger.kernel.org
fixes: 89c78134cc54d ("gma500: Add Poulsbo support")
Signed-off-by: Xiaomeng Tong <xiam0nd.tong@gmail.com>
Signed-off-by: Patrik Jakobsson <patrik.r.jakobsson@gmail.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20220327052028.2013-1-xiam0nd.tong@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/gma500/psb_intel_display.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
--- a/drivers/gpu/drm/gma500/psb_intel_display.c
+++ b/drivers/gpu/drm/gma500/psb_intel_display.c
@@ -536,14 +536,15 @@ void psb_intel_crtc_init(struct drm_devi
struct drm_crtc *psb_intel_get_crtc_from_pipe(struct drm_device *dev, int pipe)
{
- struct drm_crtc *crtc = NULL;
+ struct drm_crtc *crtc;
list_for_each_entry(crtc, &dev->mode_config.crtc_list, head) {
struct gma_crtc *gma_crtc = to_gma_crtc(crtc);
+
if (gma_crtc->pipe == pipe)
- break;
+ return crtc;
}
- return crtc;
+ return NULL;
}
int gma_connector_clones(struct drm_device *dev, int type_mask)
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 417/452] arm64: dts: qcom: ipq8074: fix the sleep clock frequency
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (415 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 416/452] gma500: " Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 418/452] phy: qcom-qmp: fix struct clk leak on probe errors Greg Kroah-Hartman
` (40 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Kathiravan T, Bjorn Andersson
From: Kathiravan T <quic_kathirav@quicinc.com>
commit f607dd767f5d6800ffbdce5b99ba81763b023781 upstream.
Sleep clock frequency should be 32768Hz. Lets fix it.
Cc: stable@vger.kernel.org
Fixes: 41dac73e243d ("arm64: dts: Add ipq8074 SoC and HK01 board support")
Link: https://lore.kernel.org/all/e2a447f8-6024-0369-f698-2027b6edcf9e@codeaurora.org/
Signed-off-by: Kathiravan T <quic_kathirav@quicinc.com>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/1644581655-11568-1-git-send-email-quic_kathirav@quicinc.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/boot/dts/qcom/ipq8074.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/arm64/boot/dts/qcom/ipq8074.dtsi
+++ b/arch/arm64/boot/dts/qcom/ipq8074.dtsi
@@ -13,7 +13,7 @@
clocks {
sleep_clk: sleep_clk {
compatible = "fixed-clock";
- clock-frequency = <32000>;
+ clock-frequency = <32768>;
#clock-cells = <0>;
};
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 418/452] phy: qcom-qmp: fix struct clk leak on probe errors
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (416 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 417/452] arm64: dts: qcom: ipq8074: fix the sleep clock frequency Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 419/452] ARM: dts: s5pv210: Remove spi-cs-high on panel in Aries Greg Kroah-Hartman
` (39 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vivek Gautam, Bjorn Andersson,
Johan Hovold, Vinod Koul
From: Johan Hovold <johan+linaro@kernel.org>
commit f0a4bc38a12f5a0cc5ad68670d9480e91e6a94df upstream.
Make sure to release the pipe clock reference in case of a late probe
error (e.g. probe deferral).
Fixes: e78f3d15e115 ("phy: qcom-qmp: new qmp phy driver for qcom-chipsets")
Cc: stable@vger.kernel.org # 4.12
Cc: Vivek Gautam <vivek.gautam@codeaurora.org>
Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
Link: https://lore.kernel.org/r/20220427063243.32576-2-johan+linaro@kernel.org
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/phy/qualcomm/phy-qcom-qmp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/phy/qualcomm/phy-qcom-qmp.c
+++ b/drivers/phy/qualcomm/phy-qcom-qmp.c
@@ -3789,7 +3789,7 @@ int qcom_qmp_phy_create(struct device *d
* all phys that don't need this.
*/
snprintf(prop_name, sizeof(prop_name), "pipe%d", id);
- qphy->pipe_clk = of_clk_get_by_name(np, prop_name);
+ qphy->pipe_clk = devm_get_clk_from_child(dev, np, prop_name);
if (IS_ERR(qphy->pipe_clk)) {
if (cfg->type == PHY_TYPE_PCIE ||
cfg->type == PHY_TYPE_USB3) {
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 419/452] ARM: dts: s5pv210: Remove spi-cs-high on panel in Aries
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (417 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 418/452] phy: qcom-qmp: fix struct clk leak on probe errors Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 420/452] ARM: pxa: maybe fix gpio lookup tables Greg Kroah-Hartman
` (38 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jonathan Bakker, Krzysztof Kozlowski
From: Jonathan Bakker <xc-racer2@live.ca>
commit 096f58507374e1293a9e9cff8a1ccd5f37780a20 upstream.
Since commit 766c6b63aa04 ("spi: fix client driver breakages when using
GPIO descriptors"), the panel has been blank due to an inverted CS GPIO.
In order to correct this, drop the spi-cs-high from the panel SPI device.
Fixes: 766c6b63aa04 ("spi: fix client driver breakages when using GPIO descriptors")
Cc: <stable@vger.kernel.org>
Signed-off-by: Jonathan Bakker <xc-racer2@live.ca>
Link: https://lore.kernel.org/r/CY4PR04MB05670C771062570E911AF3B4CB1C9@CY4PR04MB0567.namprd04.prod.outlook.com
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/boot/dts/s5pv210-aries.dtsi | 1 -
1 file changed, 1 deletion(-)
diff --git a/arch/arm/boot/dts/s5pv210-aries.dtsi b/arch/arm/boot/dts/s5pv210-aries.dtsi
index c8f1c324a6c2..dba186d57924 100644
--- a/arch/arm/boot/dts/s5pv210-aries.dtsi
+++ b/arch/arm/boot/dts/s5pv210-aries.dtsi
@@ -564,7 +564,6 @@ panel@0 {
reset-gpios = <&mp05 5 GPIO_ACTIVE_LOW>;
vdd3-supply = <&ldo7_reg>;
vci-supply = <&ldo17_reg>;
- spi-cs-high;
spi-max-frequency = <1200000>;
pinctrl-names = "default";
--
2.36.1
^ permalink raw reply related [flat|nested] 474+ messages in thread
* [PATCH 5.10 420/452] ARM: pxa: maybe fix gpio lookup tables
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (418 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 419/452] ARM: dts: s5pv210: Remove spi-cs-high on panel in Aries Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 421/452] SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op Greg Kroah-Hartman
` (37 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Robert Jarzmik, Linus Walleij, Arnd Bergmann
From: Arnd Bergmann <arnd@arndb.de>
commit 2672a4bff6c03a20d5ae460a091f67ee782c3eff upstream.
>From inspection I found a couple of GPIO lookups that are
listed with device "gpio-pxa", but actually have a number
from a different gpio controller.
Try to rectify that here, with a guess of what the actual
device name is.
Acked-by: Robert Jarzmik <robert.jarzmik@free.fr>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Cc: stable@vger.kernel.org
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/mach-pxa/cm-x300.c | 8 ++++----
arch/arm/mach-pxa/magician.c | 2 +-
arch/arm/mach-pxa/tosa.c | 4 ++--
3 files changed, 7 insertions(+), 7 deletions(-)
--- a/arch/arm/mach-pxa/cm-x300.c
+++ b/arch/arm/mach-pxa/cm-x300.c
@@ -354,13 +354,13 @@ static struct platform_device cm_x300_sp
static struct gpiod_lookup_table cm_x300_spi_gpiod_table = {
.dev_id = "spi_gpio",
.table = {
- GPIO_LOOKUP("gpio-pxa", GPIO_LCD_SCL,
+ GPIO_LOOKUP("pca9555.1", GPIO_LCD_SCL - GPIO_LCD_BASE,
"sck", GPIO_ACTIVE_HIGH),
- GPIO_LOOKUP("gpio-pxa", GPIO_LCD_DIN,
+ GPIO_LOOKUP("pca9555.1", GPIO_LCD_DIN - GPIO_LCD_BASE,
"mosi", GPIO_ACTIVE_HIGH),
- GPIO_LOOKUP("gpio-pxa", GPIO_LCD_DOUT,
+ GPIO_LOOKUP("pca9555.1", GPIO_LCD_DOUT - GPIO_LCD_BASE,
"miso", GPIO_ACTIVE_HIGH),
- GPIO_LOOKUP("gpio-pxa", GPIO_LCD_CS,
+ GPIO_LOOKUP("pca9555.1", GPIO_LCD_CS - GPIO_LCD_BASE,
"cs", GPIO_ACTIVE_HIGH),
{ },
},
--- a/arch/arm/mach-pxa/magician.c
+++ b/arch/arm/mach-pxa/magician.c
@@ -681,7 +681,7 @@ static struct platform_device bq24022 =
static struct gpiod_lookup_table bq24022_gpiod_table = {
.dev_id = "gpio-regulator",
.table = {
- GPIO_LOOKUP("gpio-pxa", EGPIO_MAGICIAN_BQ24022_ISET2,
+ GPIO_LOOKUP("htc-egpio-0", EGPIO_MAGICIAN_BQ24022_ISET2 - MAGICIAN_EGPIO_BASE,
NULL, GPIO_ACTIVE_HIGH),
GPIO_LOOKUP("gpio-pxa", GPIO30_MAGICIAN_BQ24022_nCHARGE_EN,
"enable", GPIO_ACTIVE_LOW),
--- a/arch/arm/mach-pxa/tosa.c
+++ b/arch/arm/mach-pxa/tosa.c
@@ -296,9 +296,9 @@ static struct gpiod_lookup_table tosa_mc
.table = {
GPIO_LOOKUP("gpio-pxa", TOSA_GPIO_nSD_DETECT,
"cd", GPIO_ACTIVE_LOW),
- GPIO_LOOKUP("gpio-pxa", TOSA_GPIO_SD_WP,
+ GPIO_LOOKUP("sharp-scoop.0", TOSA_GPIO_SD_WP - TOSA_SCOOP_GPIO_BASE,
"wp", GPIO_ACTIVE_LOW),
- GPIO_LOOKUP("gpio-pxa", TOSA_GPIO_PWR_ON,
+ GPIO_LOOKUP("sharp-scoop.0", TOSA_GPIO_PWR_ON - TOSA_SCOOP_GPIO_BASE,
"power", GPIO_ACTIVE_HIGH),
{ },
},
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 421/452] SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (419 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 420/452] ARM: pxa: maybe fix gpio lookup tables Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 422/452] docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 Greg Kroah-Hartman
` (36 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ondrej Hubsch, Ronnie Sahlberg,
Paulo Alcantara (SUSE),
Steve French
From: Steve French <stfrench@microsoft.com>
commit 0a55cf74ffb5d004b93647e4389096880ce37d6b upstream.
There is a race condition in smb2_compound_op:
after_close:
num_rqst++;
if (cfile) {
cifsFileInfo_put(cfile); // sends SMB2_CLOSE to the server
cfile = NULL;
This is triggered by smb2_query_path_info operation that happens during
revalidate_dentry. In smb2_query_path_info, get_readable_path is called to
load the cfile, increasing the reference counter. If in the meantime, this
reference becomes the very last, this call to cifsFileInfo_put(cfile) will
trigger a SMB2_CLOSE request sent to the server just before sending this compound
request – and so then the compound request fails either with EBADF/EIO depending
on the timing at the server, because the handle is already closed.
In the first scenario, the race seems to be happening between smb2_query_path_info
triggered by the rename operation, and between “cleanup” of asynchronous writes – while
fsync(fd) likely waits for the asynchronous writes to complete, releasing the writeback
structures can happen after the close(fd) call. So the EBADF/EIO errors will pop up if
the timing is such that:
1) There are still outstanding references after close(fd) in the writeback structures
2) smb2_query_path_info successfully fetches the cfile, increasing the refcounter by 1
3) All writeback structures release the same cfile, reducing refcounter to 1
4) smb2_compound_op is called with that cfile
In the second scenario, the race seems to be similar – here open triggers the
smb2_query_path_info operation, and if all other threads in the meantime decrease the
refcounter to 1 similarly to the first scenario, again SMB2_CLOSE will be sent to the
server just before issuing the compound request. This case is harder to reproduce.
See https://bugzilla.samba.org/show_bug.cgi?id=15051
Cc: stable@vger.kernel.org
Fixes: 8de9e86c67ba ("cifs: create a helper to find a writeable handle by path name")
Signed-off-by: Ondrej Hubsch <ohubsch@purestorage.com>
Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
Reviewed-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/cifs/smb2inode.c | 2 --
1 file changed, 2 deletions(-)
--- a/fs/cifs/smb2inode.c
+++ b/fs/cifs/smb2inode.c
@@ -371,8 +371,6 @@ smb2_compound_op(const unsigned int xid,
num_rqst++;
if (cfile) {
- cifsFileInfo_put(cfile);
- cfile = NULL;
rc = compound_send_recv(xid, ses, server,
flags, num_rqst - 2,
&rqst[1], &resp_buftype[1],
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 422/452] docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (420 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 421/452] SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 423/452] dt-bindings: gpio: altera: correct interrupt-cells Greg Kroah-Hartman
` (35 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Akira Yokosawa, Jonathan Corbet
From: Akira Yokosawa <akiyks@gmail.com>
commit 627f01eab93d8671d4e4afee9b148f9998d20e7c upstream.
One of the changes in Sphinx 5.0.0 [1] says [sic]:
5.0.0 final
- #10474: language does not accept None as it value.
The default value of language becomes to 'en' now.
[1]: https://www.sphinx-doc.org/en/master/changes.html#release-5-0-0-released-may-30-2022
It results in a new warning from Sphinx 5.0.0 [sic]:
WARNING: Invalid configuration value found: 'language = None'.
Update your configuration to a valid langauge code. Falling
back to 'en' (English).
Silence the warning by using 'en'.
It works with all the Sphinx versions required for building
kernel documentation (1.7.9 or later).
Signed-off-by: Akira Yokosawa <akiyks@gmail.com>
Link: https://lore.kernel.org/r/bd0c2ddc-2401-03cb-4526-79ca664e1cbe@gmail.com
Cc: stable@vger.kernel.org
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
Documentation/conf.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/Documentation/conf.py
+++ b/Documentation/conf.py
@@ -176,7 +176,7 @@ finally:
#
# This is also used if you do content translation via gettext catalogs.
# Usually you set "language" from the command line for these cases.
-language = None
+language = 'en'
# There are two options for replacing |today|: either, you set today to some
# non-false value, then it is used:
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 423/452] dt-bindings: gpio: altera: correct interrupt-cells
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (421 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 422/452] docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 424/452] vdpasim: allow to enable a vq repeatedly Greg Kroah-Hartman
` (34 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Dinh Nguyen
From: Dinh Nguyen <dinguyen@kernel.org>
commit 3a21c3ac93aff7b4522b152399df8f6a041df56d upstream.
update documentation to correctly state the interrupt-cells to be 2.
Cc: stable@vger.kernel.org
Fixes: 4fd9bbc6e071 ("drivers/gpio: Altera soft IP GPIO driver devicetree binding")
Signed-off-by: Dinh Nguyen <dinguyen@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
Documentation/devicetree/bindings/gpio/gpio-altera.txt | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/Documentation/devicetree/bindings/gpio/gpio-altera.txt
+++ b/Documentation/devicetree/bindings/gpio/gpio-altera.txt
@@ -9,8 +9,9 @@ Required properties:
- The second cell is reserved and is currently unused.
- gpio-controller : Marks the device node as a GPIO controller.
- interrupt-controller: Mark the device node as an interrupt controller
-- #interrupt-cells : Should be 1. The interrupt type is fixed in the hardware.
+- #interrupt-cells : Should be 2. The interrupt type is fixed in the hardware.
- The first cell is the GPIO offset number within the GPIO controller.
+ - The second cell is the interrupt trigger type and level flags.
- interrupts: Specify the interrupt.
- altr,interrupt-type: Specifies the interrupt trigger type the GPIO
hardware is synthesized. This field is required if the Altera GPIO controller
@@ -38,6 +39,6 @@ gpio_altr: gpio@ff200000 {
altr,interrupt-type = <IRQ_TYPE_EDGE_RISING>;
#gpio-cells = <2>;
gpio-controller;
- #interrupt-cells = <1>;
+ #interrupt-cells = <2>;
interrupt-controller;
};
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 424/452] vdpasim: allow to enable a vq repeatedly
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (422 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 423/452] dt-bindings: gpio: altera: correct interrupt-cells Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 425/452] blk-iolatency: Fix inflight count imbalances and IO hangs on offline Greg Kroah-Hartman
` (33 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eugenio Pérez,
Michael S. Tsirkin, Stefano Garzarella
From: Eugenio Pérez <eperezma@redhat.com>
commit 242436973831aa97e8ce19533c6c912ea8def31b upstream.
Code must be resilient to enable a queue many times.
At the moment the queue is resetting so it's definitely not the expected
behavior.
v2: set vq->ready = 0 at disable.
Fixes: 2c53d0f64c06 ("vdpasim: vDPA device simulator")
Cc: stable@vger.kernel.org
Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Message-Id: <20220519145919.772896-1-eperezma@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/vdpa/vdpa_sim/vdpa_sim.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/drivers/vdpa/vdpa_sim/vdpa_sim.c
+++ b/drivers/vdpa/vdpa_sim/vdpa_sim.c
@@ -473,11 +473,14 @@ static void vdpasim_set_vq_ready(struct
{
struct vdpasim *vdpasim = vdpa_to_sim(vdpa);
struct vdpasim_virtqueue *vq = &vdpasim->vqs[idx];
+ bool old_ready;
spin_lock(&vdpasim->lock);
+ old_ready = vq->ready;
vq->ready = ready;
- if (vq->ready)
+ if (vq->ready && !old_ready) {
vdpasim_queue_ready(vdpasim, idx);
+ }
spin_unlock(&vdpasim->lock);
}
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 425/452] blk-iolatency: Fix inflight count imbalances and IO hangs on offline
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (423 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 424/452] vdpasim: allow to enable a vq repeatedly Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 426/452] coresight: core: Fix coresight device probe failure issue Greg Kroah-Hartman
` (32 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tejun Heo, Josef Bacik, Liu Bo, Jens Axboe
From: Tejun Heo <tj@kernel.org>
commit 8a177a36da6c54c98b8685d4f914cb3637d53c0d upstream.
iolatency needs to track the number of inflight IOs per cgroup. As this
tracking can be expensive, it is disabled when no cgroup has iolatency
configured for the device. To ensure that the inflight counters stay
balanced, iolatency_set_limit() freezes the request_queue while manipulating
the enabled counter, which ensures that no IO is in flight and thus all
counters are zero.
Unfortunately, iolatency_set_limit() isn't the only place where the enabled
counter is manipulated. iolatency_pd_offline() can also dec the counter and
trigger disabling. As this disabling happens without freezing the q, this
can easily happen while some IOs are in flight and thus leak the counts.
This can be easily demonstrated by turning on iolatency on an one empty
cgroup while IOs are in flight in other cgroups and then removing the
cgroup. Note that iolatency shouldn't have been enabled elsewhere in the
system to ensure that removing the cgroup disables iolatency for the whole
device.
The following keeps flipping on and off iolatency on sda:
echo +io > /sys/fs/cgroup/cgroup.subtree_control
while true; do
mkdir -p /sys/fs/cgroup/test
echo '8:0 target=100000' > /sys/fs/cgroup/test/io.latency
sleep 1
rmdir /sys/fs/cgroup/test
sleep 1
done
and there's concurrent fio generating direct rand reads:
fio --name test --filename=/dev/sda --direct=1 --rw=randread \
--runtime=600 --time_based --iodepth=256 --numjobs=4 --bs=4k
while monitoring with the following drgn script:
while True:
for css in css_for_each_descendant_pre(prog['blkcg_root'].css.address_of_()):
for pos in hlist_for_each(container_of(css, 'struct blkcg', 'css').blkg_list):
blkg = container_of(pos, 'struct blkcg_gq', 'blkcg_node')
pd = blkg.pd[prog['blkcg_policy_iolatency'].plid]
if pd.value_() == 0:
continue
iolat = container_of(pd, 'struct iolatency_grp', 'pd')
inflight = iolat.rq_wait.inflight.counter.value_()
if inflight:
print(f'inflight={inflight} {disk_name(blkg.q.disk).decode("utf-8")} '
f'{cgroup_path(css.cgroup).decode("utf-8")}')
time.sleep(1)
The monitoring output looks like the following:
inflight=1 sda /user.slice
inflight=1 sda /user.slice
...
inflight=14 sda /user.slice
inflight=13 sda /user.slice
inflight=17 sda /user.slice
inflight=15 sda /user.slice
inflight=18 sda /user.slice
inflight=17 sda /user.slice
inflight=20 sda /user.slice
inflight=19 sda /user.slice <- fio stopped, inflight stuck at 19
inflight=19 sda /user.slice
inflight=19 sda /user.slice
If a cgroup with stuck inflight ends up getting throttled, the throttled IOs
will never get issued as there's no completion event to wake it up leading
to an indefinite hang.
This patch fixes the bug by unifying enable handling into a work item which
is automatically kicked off from iolatency_set_min_lat_nsec() which is
called from both iolatency_set_limit() and iolatency_pd_offline() paths.
Punting to a work item is necessary as iolatency_pd_offline() is called
under spinlocks while freezing a request_queue requires a sleepable context.
This also simplifies the code reducing LOC sans the comments and avoids the
unnecessary freezes which were happening whenever a cgroup's latency target
is newly set or cleared.
Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: Josef Bacik <josef@toxicpanda.com>
Cc: Liu Bo <bo.liu@linux.alibaba.com>
Fixes: 8c772a9bfc7c ("blk-iolatency: fix IO hang due to negative inflight counter")
Cc: stable@vger.kernel.org # v5.0+
Link: https://lore.kernel.org/r/Yn9ScX6Nx2qIiQQi@slm.duckdns.org
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
block/blk-iolatency.c | 122 ++++++++++++++++++++++++++------------------------
1 file changed, 64 insertions(+), 58 deletions(-)
--- a/block/blk-iolatency.c
+++ b/block/blk-iolatency.c
@@ -86,7 +86,17 @@ struct iolatency_grp;
struct blk_iolatency {
struct rq_qos rqos;
struct timer_list timer;
- atomic_t enabled;
+
+ /*
+ * ->enabled is the master enable switch gating the throttling logic and
+ * inflight tracking. The number of cgroups which have iolat enabled is
+ * tracked in ->enable_cnt, and ->enable is flipped on/off accordingly
+ * from ->enable_work with the request_queue frozen. For details, See
+ * blkiolatency_enable_work_fn().
+ */
+ bool enabled;
+ atomic_t enable_cnt;
+ struct work_struct enable_work;
};
static inline struct blk_iolatency *BLKIOLATENCY(struct rq_qos *rqos)
@@ -94,11 +104,6 @@ static inline struct blk_iolatency *BLKI
return container_of(rqos, struct blk_iolatency, rqos);
}
-static inline bool blk_iolatency_enabled(struct blk_iolatency *blkiolat)
-{
- return atomic_read(&blkiolat->enabled) > 0;
-}
-
struct child_latency_info {
spinlock_t lock;
@@ -463,7 +468,7 @@ static void blkcg_iolatency_throttle(str
struct blkcg_gq *blkg = bio->bi_blkg;
bool issue_as_root = bio_issue_as_root_blkg(bio);
- if (!blk_iolatency_enabled(blkiolat))
+ if (!blkiolat->enabled)
return;
while (blkg && blkg->parent) {
@@ -593,7 +598,6 @@ static void blkcg_iolatency_done_bio(str
u64 window_start;
u64 now;
bool issue_as_root = bio_issue_as_root_blkg(bio);
- bool enabled = false;
int inflight = 0;
blkg = bio->bi_blkg;
@@ -604,8 +608,7 @@ static void blkcg_iolatency_done_bio(str
if (!iolat)
return;
- enabled = blk_iolatency_enabled(iolat->blkiolat);
- if (!enabled)
+ if (!iolat->blkiolat->enabled)
return;
now = ktime_to_ns(ktime_get());
@@ -644,6 +647,7 @@ static void blkcg_iolatency_exit(struct
struct blk_iolatency *blkiolat = BLKIOLATENCY(rqos);
del_timer_sync(&blkiolat->timer);
+ flush_work(&blkiolat->enable_work);
blkcg_deactivate_policy(rqos->q, &blkcg_policy_iolatency);
kfree(blkiolat);
}
@@ -715,6 +719,44 @@ next:
rcu_read_unlock();
}
+/**
+ * blkiolatency_enable_work_fn - Enable or disable iolatency on the device
+ * @work: enable_work of the blk_iolatency of interest
+ *
+ * iolatency needs to keep track of the number of in-flight IOs per cgroup. This
+ * is relatively expensive as it involves walking up the hierarchy twice for
+ * every IO. Thus, if iolatency is not enabled in any cgroup for the device, we
+ * want to disable the in-flight tracking.
+ *
+ * We have to make sure that the counting is balanced - we don't want to leak
+ * the in-flight counts by disabling accounting in the completion path while IOs
+ * are in flight. This is achieved by ensuring that no IO is in flight by
+ * freezing the queue while flipping ->enabled. As this requires a sleepable
+ * context, ->enabled flipping is punted to this work function.
+ */
+static void blkiolatency_enable_work_fn(struct work_struct *work)
+{
+ struct blk_iolatency *blkiolat = container_of(work, struct blk_iolatency,
+ enable_work);
+ bool enabled;
+
+ /*
+ * There can only be one instance of this function running for @blkiolat
+ * and it's guaranteed to be executed at least once after the latest
+ * ->enabled_cnt modification. Acting on the latest ->enable_cnt is
+ * sufficient.
+ *
+ * Also, we know @blkiolat is safe to access as ->enable_work is flushed
+ * in blkcg_iolatency_exit().
+ */
+ enabled = atomic_read(&blkiolat->enable_cnt);
+ if (enabled != blkiolat->enabled) {
+ blk_mq_freeze_queue(blkiolat->rqos.q);
+ blkiolat->enabled = enabled;
+ blk_mq_unfreeze_queue(blkiolat->rqos.q);
+ }
+}
+
int blk_iolatency_init(struct request_queue *q)
{
struct blk_iolatency *blkiolat;
@@ -740,17 +782,15 @@ int blk_iolatency_init(struct request_qu
}
timer_setup(&blkiolat->timer, blkiolatency_timer_fn, 0);
+ INIT_WORK(&blkiolat->enable_work, blkiolatency_enable_work_fn);
return 0;
}
-/*
- * return 1 for enabling iolatency, return -1 for disabling iolatency, otherwise
- * return 0.
- */
-static int iolatency_set_min_lat_nsec(struct blkcg_gq *blkg, u64 val)
+static void iolatency_set_min_lat_nsec(struct blkcg_gq *blkg, u64 val)
{
struct iolatency_grp *iolat = blkg_to_lat(blkg);
+ struct blk_iolatency *blkiolat = iolat->blkiolat;
u64 oldval = iolat->min_lat_nsec;
iolat->min_lat_nsec = val;
@@ -758,13 +798,15 @@ static int iolatency_set_min_lat_nsec(st
iolat->cur_win_nsec = min_t(u64, iolat->cur_win_nsec,
BLKIOLATENCY_MAX_WIN_SIZE);
- if (!oldval && val)
- return 1;
+ if (!oldval && val) {
+ if (atomic_inc_return(&blkiolat->enable_cnt) == 1)
+ schedule_work(&blkiolat->enable_work);
+ }
if (oldval && !val) {
blkcg_clear_delay(blkg);
- return -1;
+ if (atomic_dec_return(&blkiolat->enable_cnt) == 0)
+ schedule_work(&blkiolat->enable_work);
}
- return 0;
}
static void iolatency_clear_scaling(struct blkcg_gq *blkg)
@@ -796,7 +838,6 @@ static ssize_t iolatency_set_limit(struc
u64 lat_val = 0;
u64 oldval;
int ret;
- int enable = 0;
ret = blkg_conf_prep(blkcg, &blkcg_policy_iolatency, buf, &ctx);
if (ret)
@@ -831,41 +872,12 @@ static ssize_t iolatency_set_limit(struc
blkg = ctx.blkg;
oldval = iolat->min_lat_nsec;
- enable = iolatency_set_min_lat_nsec(blkg, lat_val);
- if (enable) {
- if (!blk_get_queue(blkg->q)) {
- ret = -ENODEV;
- goto out;
- }
-
- blkg_get(blkg);
- }
-
- if (oldval != iolat->min_lat_nsec) {
+ iolatency_set_min_lat_nsec(blkg, lat_val);
+ if (oldval != iolat->min_lat_nsec)
iolatency_clear_scaling(blkg);
- }
-
ret = 0;
out:
blkg_conf_finish(&ctx);
- if (ret == 0 && enable) {
- struct iolatency_grp *tmp = blkg_to_lat(blkg);
- struct blk_iolatency *blkiolat = tmp->blkiolat;
-
- blk_mq_freeze_queue(blkg->q);
-
- if (enable == 1)
- atomic_inc(&blkiolat->enabled);
- else if (enable == -1)
- atomic_dec(&blkiolat->enabled);
- else
- WARN_ON_ONCE(1);
-
- blk_mq_unfreeze_queue(blkg->q);
-
- blkg_put(blkg);
- blk_put_queue(blkg->q);
- }
return ret ?: nbytes;
}
@@ -1006,14 +1018,8 @@ static void iolatency_pd_offline(struct
{
struct iolatency_grp *iolat = pd_to_lat(pd);
struct blkcg_gq *blkg = lat_to_blkg(iolat);
- struct blk_iolatency *blkiolat = iolat->blkiolat;
- int ret;
- ret = iolatency_set_min_lat_nsec(blkg, 0);
- if (ret == 1)
- atomic_inc(&blkiolat->enabled);
- if (ret == -1)
- atomic_dec(&blkiolat->enabled);
+ iolatency_set_min_lat_nsec(blkg, 0);
iolatency_clear_scaling(blkg);
}
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 426/452] coresight: core: Fix coresight device probe failure issue
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (424 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 425/452] blk-iolatency: Fix inflight count imbalances and IO hangs on offline Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 427/452] phy: qcom-qmp: fix reset-controller leak on probe errors Greg Kroah-Hartman
` (31 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Suzuki K Poulose, Mike Leach, Mao Jinlong
From: Mao Jinlong <quic_jinlmao@quicinc.com>
commit 8c1d3f79d9ca48e406b78e90e94cf09a8c076bf2 upstream.
It is possibe that probe failure issue happens when the device
and its child_device's probe happens at the same time.
In coresight_make_links, has_conns_grp is true for parent, but
has_conns_grp is false for child device as has_conns_grp is set
to true in coresight_create_conns_sysfs_group. The probe of parent
device will fail at this condition. Add has_conns_grp check for
child device before make the links and make the process from
device_register to connection_create be atomic to avoid this
probe failure issue.
Cc: stable@vger.kernel.org
Suggested-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Suggested-by: Mike Leach <mike.leach@linaro.org>
Signed-off-by: Mao Jinlong <quic_jinlmao@quicinc.com>
Link: https://lore.kernel.org/r/20220309142206.15632-1-quic_jinlmao@quicinc.com
[ Added Cc stable ]
Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/hwtracing/coresight/coresight-core.c | 33 ++++++++++++++++++---------
1 file changed, 22 insertions(+), 11 deletions(-)
--- a/drivers/hwtracing/coresight/coresight-core.c
+++ b/drivers/hwtracing/coresight/coresight-core.c
@@ -1337,7 +1337,7 @@ static int coresight_fixup_device_conns(
continue;
conn->child_dev =
coresight_find_csdev_by_fwnode(conn->child_fwnode);
- if (conn->child_dev) {
+ if (conn->child_dev && conn->child_dev->has_conns_grp) {
ret = coresight_make_links(csdev, conn,
conn->child_dev);
if (ret)
@@ -1486,6 +1486,7 @@ struct coresight_device *coresight_regis
int nr_refcnts = 1;
atomic_t *refcnts = NULL;
struct coresight_device *csdev;
+ bool registered = false;
csdev = kzalloc(sizeof(*csdev), GFP_KERNEL);
if (!csdev) {
@@ -1506,7 +1507,8 @@ struct coresight_device *coresight_regis
refcnts = kcalloc(nr_refcnts, sizeof(*refcnts), GFP_KERNEL);
if (!refcnts) {
ret = -ENOMEM;
- goto err_free_csdev;
+ kfree(csdev);
+ goto err_out;
}
csdev->refcnt = refcnts;
@@ -1530,6 +1532,13 @@ struct coresight_device *coresight_regis
csdev->dev.fwnode = fwnode_handle_get(dev_fwnode(desc->dev));
dev_set_name(&csdev->dev, "%s", desc->name);
+ /*
+ * Make sure the device registration and the connection fixup
+ * are synchronised, so that we don't see uninitialised devices
+ * on the coresight bus while trying to resolve the connections.
+ */
+ mutex_lock(&coresight_mutex);
+
ret = device_register(&csdev->dev);
if (ret) {
put_device(&csdev->dev);
@@ -1537,7 +1546,7 @@ struct coresight_device *coresight_regis
* All resources are free'd explicitly via
* coresight_device_release(), triggered from put_device().
*/
- goto err_out;
+ goto out_unlock;
}
if (csdev->type == CORESIGHT_DEV_TYPE_SINK ||
@@ -1552,11 +1561,11 @@ struct coresight_device *coresight_regis
* from put_device(), which is in turn called from
* function device_unregister().
*/
- goto err_out;
+ goto out_unlock;
}
}
-
- mutex_lock(&coresight_mutex);
+ /* Device is now registered */
+ registered = true;
ret = coresight_create_conns_sysfs_group(csdev);
if (!ret)
@@ -1566,16 +1575,18 @@ struct coresight_device *coresight_regis
if (!ret && cti_assoc_ops && cti_assoc_ops->add)
cti_assoc_ops->add(csdev);
+out_unlock:
mutex_unlock(&coresight_mutex);
- if (ret) {
+ /* Success */
+ if (!ret)
+ return csdev;
+
+ /* Unregister the device if needed */
+ if (registered) {
coresight_unregister(csdev);
return ERR_PTR(ret);
}
- return csdev;
-
-err_free_csdev:
- kfree(csdev);
err_out:
/* Cleanup the connection information */
coresight_release_platform_data(NULL, desc->pdata);
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 427/452] phy: qcom-qmp: fix reset-controller leak on probe errors
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (425 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 426/452] coresight: core: Fix coresight device probe failure issue Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 428/452] net: ipa: fix page free in ipa_endpoint_trans_release() Greg Kroah-Hartman
` (30 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vivek Gautam, Philipp Zabel,
Johan Hovold, Bjorn Andersson, Vinod Koul
From: Johan Hovold <johan+linaro@kernel.org>
commit 4d2900f20edfe541f75756a00deeb2ffe7c66bc1 upstream.
Make sure to release the lane reset controller in case of a late probe
error (e.g. probe deferral).
Note that due to the reset controller being defined in devicetree in
"lane" child nodes, devm_reset_control_get_exclusive() cannot be used
directly.
Fixes: e78f3d15e115 ("phy: qcom-qmp: new qmp phy driver for qcom-chipsets")
Cc: stable@vger.kernel.org # 4.12
Cc: Vivek Gautam <vivek.gautam@codeaurora.org>
Reviewed-by: Philipp Zabel <p.zabel@pengutronix.de>
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/20220427063243.32576-3-johan+linaro@kernel.org
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/phy/qualcomm/phy-qcom-qmp.c | 9 +++++++++
1 file changed, 9 insertions(+)
--- a/drivers/phy/qualcomm/phy-qcom-qmp.c
+++ b/drivers/phy/qualcomm/phy-qcom-qmp.c
@@ -3717,6 +3717,11 @@ static const struct phy_ops qcom_qmp_pci
.owner = THIS_MODULE,
};
+static void qcom_qmp_reset_control_put(void *data)
+{
+ reset_control_put(data);
+}
+
static
int qcom_qmp_phy_create(struct device *dev, struct device_node *np, int id,
void __iomem *serdes, const struct qmp_phy_cfg *cfg)
@@ -3811,6 +3816,10 @@ int qcom_qmp_phy_create(struct device *d
dev_err(dev, "failed to get lane%d reset\n", id);
return PTR_ERR(qphy->lane_rst);
}
+ ret = devm_add_action_or_reset(dev, qcom_qmp_reset_control_put,
+ qphy->lane_rst);
+ if (ret)
+ return ret;
}
if (cfg->type == PHY_TYPE_UFS || cfg->type == PHY_TYPE_PCIE)
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 428/452] net: ipa: fix page free in ipa_endpoint_trans_release()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (426 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 427/452] phy: qcom-qmp: fix reset-controller leak on probe errors Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 429/452] net: ipa: fix page free in ipa_endpoint_replenish_one() Greg Kroah-Hartman
` (29 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Alex Elder, Jakub Kicinski
From: Alex Elder <elder@linaro.org>
commit 155c0c90bca918de6e4327275dfc1d97fd604115 upstream.
Currently the (possibly compound) page used for receive buffers are
freed using __free_pages(). But according to this comment above the
definition of that function, that's wrong:
If you want to use the page's reference count to decide when
to free the allocation, you should allocate a compound page,
and use put_page() instead of __free_pages().
Convert the call to __free_pages() in ipa_endpoint_trans_release()
to use put_page() instead.
Fixes: ed23f02680caa ("net: ipa: define per-endpoint receive buffer size")
Signed-off-by: Alex Elder <elder@linaro.org>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ipa/ipa_endpoint.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/ipa/ipa_endpoint.c
+++ b/drivers/net/ipa/ipa_endpoint.c
@@ -1179,7 +1179,7 @@ void ipa_endpoint_trans_release(struct i
struct page *page = trans->data;
if (page)
- __free_pages(page, get_order(IPA_RX_BUFFER_SIZE));
+ put_page(page);
}
}
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 429/452] net: ipa: fix page free in ipa_endpoint_replenish_one()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (427 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 428/452] net: ipa: fix page free in ipa_endpoint_trans_release() Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 430/452] xfs: set inode size after creating symlink Greg Kroah-Hartman
` (28 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Alex Elder, Jakub Kicinski
From: Alex Elder <elder@linaro.org>
commit 70132763d5d2e94cd185e3aa92ac6a3ba89068fa upstream.
Currently the (possibly compound) pages used for receive buffers are
freed using __free_pages(). But according to this comment above the
definition of that function, that's wrong:
If you want to use the page's reference count to decide
when to free the allocation, you should allocate a compound
page, and use put_page() instead of __free_pages().
Convert the call to __free_pages() in ipa_endpoint_replenish_one()
to use put_page() instead.
Fixes: 6a606b90153b8 ("net: ipa: allocate transaction in replenish loop")
Signed-off-by: Alex Elder <elder@linaro.org>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ipa/ipa_endpoint.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/ipa/ipa_endpoint.c
+++ b/drivers/net/ipa/ipa_endpoint.c
@@ -884,7 +884,7 @@ static int ipa_endpoint_replenish_one(st
err_trans_free:
gsi_trans_free(trans);
err_free_pages:
- __free_pages(page, get_order(IPA_RX_BUFFER_SIZE));
+ put_page(page);
return -ENOMEM;
}
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 430/452] xfs: set inode size after creating symlink
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (428 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 429/452] net: ipa: fix page free in ipa_endpoint_replenish_one() Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 431/452] xfs: sync lazy sb accounting on quiesce of read-only mounts Greg Kroah-Hartman
` (27 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jeffrey Mitchell, Darrick J. Wong,
Christoph Hellwig, Brian Foster, Amir Goldstein
From: Jeffrey Mitchell <jeffrey.mitchell@starlab.io>
commit 8aa921a95335d0a8c8e2be35a44467e7c91ec3e4 upstream.
When XFS creates a new symlink, it writes its size to disk but not to the
VFS inode. This causes i_size_read() to return 0 for that symlink until
it is re-read from disk, for example when the system is rebooted.
I found this inconsistency while protecting directories with eCryptFS.
The command "stat path/to/symlink/in/ecryptfs" will report "Size: 0" if
the symlink was created after the last reboot on an XFS root.
Call i_size_write() in xfs_symlink()
Signed-off-by: Jeffrey Mitchell <jeffrey.mitchell@starlab.io>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Brian Foster <bfoster@redhat.com>
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/xfs/xfs_symlink.c | 1 +
1 file changed, 1 insertion(+)
--- a/fs/xfs/xfs_symlink.c
+++ b/fs/xfs/xfs_symlink.c
@@ -300,6 +300,7 @@ xfs_symlink(
}
ASSERT(pathlen == 0);
}
+ i_size_write(VFS_I(ip), ip->i_d.di_size);
/*
* Create the directory entry for the symlink.
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 431/452] xfs: sync lazy sb accounting on quiesce of read-only mounts
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (429 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 430/452] xfs: set inode size after creating symlink Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 432/452] xfs: fix chown leaking delalloc quota blocks when fssetxattr fails Greg Kroah-Hartman
` (26 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Brian Foster, Gao Xiang,
Allison Henderson, Darrick J. Wong, Bill ODonnell,
Darrick J. Wong, Amir Goldstein
From: Brian Foster <bfoster@redhat.com>
commit 50d25484bebe94320c49dd1347d3330c7063bbdb upstream.
xfs_log_sbcount() syncs the superblock specifically to accumulate
the in-core percpu superblock counters and commit them to disk. This
is required to maintain filesystem consistency across quiesce
(freeze, read-only mount/remount) or unmount when lazy superblock
accounting is enabled because individual transactions do not update
the superblock directly.
This mechanism works as expected for writable mounts, but
xfs_log_sbcount() skips the update for read-only mounts. Read-only
mounts otherwise still allow log recovery and write out an unmount
record during log quiesce. If a read-only mount performs log
recovery, it can modify the in-core superblock counters and write an
unmount record when the filesystem unmounts without ever syncing the
in-core counters. This leaves the filesystem with a clean log but in
an inconsistent state with regard to lazy sb counters.
Update xfs_log_sbcount() to use the same logic
xfs_log_unmount_write() uses to determine when to write an unmount
record. This ensures that lazy accounting is always synced before
the log is cleaned. Refactor this logic into a new helper to
distinguish between a writable filesystem and a writable log.
Specifically, the log is writable unless the filesystem is mounted
with the norecovery mount option, the underlying log device is
read-only, or the filesystem is shutdown. Drop the freeze state
check because the update is already allowed during the freezing
process and no context calls this function on an already frozen fs.
Also, retain the shutdown check in xfs_log_unmount_write() to catch
the case where the preceding log force might have triggered a
shutdown.
Signed-off-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Gao Xiang <hsiangkao@redhat.com>
Reviewed-by: Allison Henderson <allison.henderson@oracle.com>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Bill O'Donnell <billodo@redhat.com>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/xfs/xfs_log.c | 28 ++++++++++++++++++++--------
fs/xfs/xfs_log.h | 1 +
fs/xfs/xfs_mount.c | 3 +--
3 files changed, 22 insertions(+), 10 deletions(-)
--- a/fs/xfs/xfs_log.c
+++ b/fs/xfs/xfs_log.c
@@ -347,6 +347,25 @@ xlog_tic_add_region(xlog_ticket_t *tic,
tic->t_res_num++;
}
+bool
+xfs_log_writable(
+ struct xfs_mount *mp)
+{
+ /*
+ * Never write to the log on norecovery mounts, if the block device is
+ * read-only, or if the filesystem is shutdown. Read-only mounts still
+ * allow internal writes for log recovery and unmount purposes, so don't
+ * restrict that case here.
+ */
+ if (mp->m_flags & XFS_MOUNT_NORECOVERY)
+ return false;
+ if (xfs_readonly_buftarg(mp->m_log->l_targ))
+ return false;
+ if (XFS_FORCED_SHUTDOWN(mp))
+ return false;
+ return true;
+}
+
/*
* Replenish the byte reservation required by moving the grant write head.
*/
@@ -886,15 +905,8 @@ xfs_log_unmount_write(
{
struct xlog *log = mp->m_log;
- /*
- * Don't write out unmount record on norecovery mounts or ro devices.
- * Or, if we are doing a forced umount (typically because of IO errors).
- */
- if (mp->m_flags & XFS_MOUNT_NORECOVERY ||
- xfs_readonly_buftarg(log->l_targ)) {
- ASSERT(mp->m_flags & XFS_MOUNT_RDONLY);
+ if (!xfs_log_writable(mp))
return;
- }
xfs_log_force(mp, XFS_LOG_SYNC);
--- a/fs/xfs/xfs_log.h
+++ b/fs/xfs/xfs_log.h
@@ -127,6 +127,7 @@ int xfs_log_reserve(struct xfs_mount *
int xfs_log_regrant(struct xfs_mount *mp, struct xlog_ticket *tic);
void xfs_log_unmount(struct xfs_mount *mp);
int xfs_log_force_umount(struct xfs_mount *mp, int logerror);
+bool xfs_log_writable(struct xfs_mount *mp);
struct xlog_ticket *xfs_log_ticket_get(struct xlog_ticket *ticket);
void xfs_log_ticket_put(struct xlog_ticket *ticket);
--- a/fs/xfs/xfs_mount.c
+++ b/fs/xfs/xfs_mount.c
@@ -1176,8 +1176,7 @@ xfs_fs_writable(
int
xfs_log_sbcount(xfs_mount_t *mp)
{
- /* allow this to proceed during the freeze sequence... */
- if (!xfs_fs_writable(mp, SB_FREEZE_COMPLETE))
+ if (!xfs_log_writable(mp))
return 0;
/*
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 432/452] xfs: fix chown leaking delalloc quota blocks when fssetxattr fails
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (430 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 431/452] xfs: sync lazy sb accounting on quiesce of read-only mounts Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 433/452] xfs: fix incorrect root dquot corruption error when switching group/project quota types Greg Kroah-Hartman
` (25 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Darrick J. Wong, Christoph Hellwig,
Brian Foster, Amir Goldstein
From: "Darrick J. Wong" <djwong@kernel.org>
commit 1aecf3734a95f3c167d1495550ca57556d33f7ec upstream.
While refactoring the quota code to create a function to allocate inode
change transactions, I noticed that xfs_qm_vop_chown_reserve does more
than just make reservations: it also *modifies* the incore counts
directly to handle the owner id change for the delalloc blocks.
I then observed that the fssetxattr code continues validating input
arguments after making the quota reservation but before dirtying the
transaction. If the routine decides to error out, it fails to undo the
accounting switch! This leads to incorrect quota reservation and
failure down the line.
We can fix this by making the reservation function do only that -- for
the new dquot, it reserves ondisk and delalloc blocks to the
transaction, and the old dquot hangs on to its incore reservation for
now. Once we actually switch the dquots, we can then update the incore
reservations because we've dirtied the transaction and it's too late to
turn back now.
No fixes tag because this has been broken since the start of git.
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Brian Foster <bfoster@redhat.com>
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/xfs/xfs_qm.c | 92 +++++++++++++++++++++-----------------------------------
1 file changed, 35 insertions(+), 57 deletions(-)
--- a/fs/xfs/xfs_qm.c
+++ b/fs/xfs/xfs_qm.c
@@ -1786,6 +1786,29 @@ xfs_qm_vop_chown(
xfs_trans_mod_dquot(tp, newdq, XFS_TRANS_DQ_ICOUNT, 1);
/*
+ * Back when we made quota reservations for the chown, we reserved the
+ * ondisk blocks + delalloc blocks with the new dquot. Now that we've
+ * switched the dquots, decrease the new dquot's block reservation
+ * (having already bumped up the real counter) so that we don't have
+ * any reservation to give back when we commit.
+ */
+ xfs_trans_mod_dquot(tp, newdq, XFS_TRANS_DQ_RES_BLKS,
+ -ip->i_delayed_blks);
+
+ /*
+ * Give the incore reservation for delalloc blocks back to the old
+ * dquot. We don't normally handle delalloc quota reservations
+ * transactionally, so just lock the dquot and subtract from the
+ * reservation. Dirty the transaction because it's too late to turn
+ * back now.
+ */
+ tp->t_flags |= XFS_TRANS_DIRTY;
+ xfs_dqlock(prevdq);
+ ASSERT(prevdq->q_blk.reserved >= ip->i_delayed_blks);
+ prevdq->q_blk.reserved -= ip->i_delayed_blks;
+ xfs_dqunlock(prevdq);
+
+ /*
* Take an extra reference, because the inode is going to keep
* this dquot pointer even after the trans_commit.
*/
@@ -1807,84 +1830,39 @@ xfs_qm_vop_chown_reserve(
uint flags)
{
struct xfs_mount *mp = ip->i_mount;
- uint64_t delblks;
unsigned int blkflags;
- struct xfs_dquot *udq_unres = NULL;
- struct xfs_dquot *gdq_unres = NULL;
- struct xfs_dquot *pdq_unres = NULL;
struct xfs_dquot *udq_delblks = NULL;
struct xfs_dquot *gdq_delblks = NULL;
struct xfs_dquot *pdq_delblks = NULL;
- int error;
-
ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL|XFS_ILOCK_SHARED));
ASSERT(XFS_IS_QUOTA_RUNNING(mp));
- delblks = ip->i_delayed_blks;
blkflags = XFS_IS_REALTIME_INODE(ip) ?
XFS_QMOPT_RES_RTBLKS : XFS_QMOPT_RES_REGBLKS;
if (XFS_IS_UQUOTA_ON(mp) && udqp &&
- i_uid_read(VFS_I(ip)) != udqp->q_id) {
+ i_uid_read(VFS_I(ip)) != udqp->q_id)
udq_delblks = udqp;
- /*
- * If there are delayed allocation blocks, then we have to
- * unreserve those from the old dquot, and add them to the
- * new dquot.
- */
- if (delblks) {
- ASSERT(ip->i_udquot);
- udq_unres = ip->i_udquot;
- }
- }
+
if (XFS_IS_GQUOTA_ON(ip->i_mount) && gdqp &&
- i_gid_read(VFS_I(ip)) != gdqp->q_id) {
+ i_gid_read(VFS_I(ip)) != gdqp->q_id)
gdq_delblks = gdqp;
- if (delblks) {
- ASSERT(ip->i_gdquot);
- gdq_unres = ip->i_gdquot;
- }
- }
if (XFS_IS_PQUOTA_ON(ip->i_mount) && pdqp &&
- ip->i_d.di_projid != pdqp->q_id) {
+ ip->i_d.di_projid != pdqp->q_id)
pdq_delblks = pdqp;
- if (delblks) {
- ASSERT(ip->i_pdquot);
- pdq_unres = ip->i_pdquot;
- }
- }
-
- error = xfs_trans_reserve_quota_bydquots(tp, ip->i_mount,
- udq_delblks, gdq_delblks, pdq_delblks,
- ip->i_d.di_nblocks, 1, flags | blkflags);
- if (error)
- return error;
/*
- * Do the delayed blks reservations/unreservations now. Since, these
- * are done without the help of a transaction, if a reservation fails
- * its previous reservations won't be automatically undone by trans
- * code. So, we have to do it manually here.
+ * Reserve enough quota to handle blocks on disk and reserved for a
+ * delayed allocation. We'll actually transfer the delalloc
+ * reservation between dquots at chown time, even though that part is
+ * only semi-transactional.
*/
- if (delblks) {
- /*
- * Do the reservations first. Unreservation can't fail.
- */
- ASSERT(udq_delblks || gdq_delblks || pdq_delblks);
- ASSERT(udq_unres || gdq_unres || pdq_unres);
- error = xfs_trans_reserve_quota_bydquots(NULL, ip->i_mount,
- udq_delblks, gdq_delblks, pdq_delblks,
- (xfs_qcnt_t)delblks, 0, flags | blkflags);
- if (error)
- return error;
- xfs_trans_reserve_quota_bydquots(NULL, ip->i_mount,
- udq_unres, gdq_unres, pdq_unres,
- -((xfs_qcnt_t)delblks), 0, blkflags);
- }
-
- return 0;
+ return xfs_trans_reserve_quota_bydquots(tp, ip->i_mount, udq_delblks,
+ gdq_delblks, pdq_delblks,
+ ip->i_d.di_nblocks + ip->i_delayed_blks,
+ 1, blkflags | flags);
}
int
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 433/452] xfs: fix incorrect root dquot corruption error when switching group/project quota types
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (431 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 432/452] xfs: fix chown leaking delalloc quota blocks when fssetxattr fails Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 434/452] xfs: restore shutdown check in mapped write fault path Greg Kroah-Hartman
` (24 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Darrick J. Wong, Brian Foster,
Chandan Babu R, Amir Goldstein
From: "Darrick J. Wong" <djwong@kernel.org>
commit 45068063efb7dd0a8d115c106aa05d9ab0946257 upstream.
While writing up a regression test for broken behavior when a chprojid
request fails, I noticed that we were logging corruption notices about
the root dquot of the group/project quota file at mount time when
testing V4 filesystems.
In commit afeda6000b0c, I was trying to improve ondisk dquot validation
by making sure that when we load an ondisk dquot into memory on behalf
of an incore dquot, the dquot id and type matches. Unfortunately, I
forgot that V4 filesystems only have two quota files, and can switch
that file between group and project quota types at mount time. When we
perform that switch, we'll try to load the default quota limits from the
root dquot prior to running quotacheck and log a corruption error when
the types don't match.
This is inconsequential because quotacheck will reset the second quota
file as part of doing the switch, but we shouldn't leave scary messages
in the kernel log.
Fixes: afeda6000b0c ("xfs: validate ondisk/incore dquot flags")
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Chandan Babu R <chandanrlinux@gmail.com>
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/xfs/xfs_dquot.c | 39 +++++++++++++++++++++++++++++++++++++--
1 file changed, 37 insertions(+), 2 deletions(-)
--- a/fs/xfs/xfs_dquot.c
+++ b/fs/xfs/xfs_dquot.c
@@ -500,6 +500,42 @@ xfs_dquot_alloc(
return dqp;
}
+/* Check the ondisk dquot's id and type match what the incore dquot expects. */
+static bool
+xfs_dquot_check_type(
+ struct xfs_dquot *dqp,
+ struct xfs_disk_dquot *ddqp)
+{
+ uint8_t ddqp_type;
+ uint8_t dqp_type;
+
+ ddqp_type = ddqp->d_type & XFS_DQTYPE_REC_MASK;
+ dqp_type = xfs_dquot_type(dqp);
+
+ if (be32_to_cpu(ddqp->d_id) != dqp->q_id)
+ return false;
+
+ /*
+ * V5 filesystems always expect an exact type match. V4 filesystems
+ * expect an exact match for user dquots and for non-root group and
+ * project dquots.
+ */
+ if (xfs_sb_version_hascrc(&dqp->q_mount->m_sb) ||
+ dqp_type == XFS_DQTYPE_USER || dqp->q_id != 0)
+ return ddqp_type == dqp_type;
+
+ /*
+ * V4 filesystems support either group or project quotas, but not both
+ * at the same time. The non-user quota file can be switched between
+ * group and project quota uses depending on the mount options, which
+ * means that we can encounter the other type when we try to load quota
+ * defaults. Quotacheck will soon reset the the entire quota file
+ * (including the root dquot) anyway, but don't log scary corruption
+ * reports to dmesg.
+ */
+ return ddqp_type == XFS_DQTYPE_GROUP || ddqp_type == XFS_DQTYPE_PROJ;
+}
+
/* Copy the in-core quota fields in from the on-disk buffer. */
STATIC int
xfs_dquot_from_disk(
@@ -512,8 +548,7 @@ xfs_dquot_from_disk(
* Ensure that we got the type and ID we were looking for.
* Everything else was checked by the dquot buffer verifier.
*/
- if ((ddqp->d_type & XFS_DQTYPE_REC_MASK) != xfs_dquot_type(dqp) ||
- be32_to_cpu(ddqp->d_id) != dqp->q_id) {
+ if (!xfs_dquot_check_type(dqp, ddqp)) {
xfs_alert_tag(bp->b_mount, XFS_PTAG_VERIFIER_ERROR,
"Metadata corruption detected at %pS, quota %u",
__this_address, dqp->q_id);
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 434/452] xfs: restore shutdown check in mapped write fault path
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (432 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 433/452] xfs: fix incorrect root dquot corruption error when switching group/project quota types Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 435/452] xfs: force log and push AIL to clear pinned inodes when aborting mount Greg Kroah-Hartman
` (23 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Brian Foster, Eric Sandeen,
Darrick J. Wong, Amir Goldstein
From: Brian Foster <bfoster@redhat.com>
commit e4826691cc7e5458bcb659935d0092bcf3f08c20 upstream.
XFS triggers an iomap warning in the write fault path due to a
!PageUptodate() page if a write fault happens to occur on a page
that recently failed writeback. The iomap writeback error handling
code can clear the Uptodate flag if no portion of the page is
submitted for I/O. This is reproduced by fstest generic/019, which
combines various forms of I/O with simulated disk failures that
inevitably lead to filesystem shutdown (which then unconditionally
fails page writeback).
This is a regression introduced by commit f150b4234397 ("xfs: split
the iomap ops for buffered vs direct writes") due to the removal of
a shutdown check and explicit error return in the ->iomap_begin()
path used by the write fault path. The explicit error return
historically translated to a SIGBUS, but now carries on with iomap
processing where it complains about the unexpected state. Restore
the shutdown check to xfs_buffered_write_iomap_begin() to restore
historical behavior.
Fixes: f150b4234397 ("xfs: split the iomap ops for buffered vs direct writes")
Signed-off-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Eric Sandeen <sandeen@redhat.com>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/xfs/xfs_iomap.c | 3 +++
1 file changed, 3 insertions(+)
--- a/fs/xfs/xfs_iomap.c
+++ b/fs/xfs/xfs_iomap.c
@@ -870,6 +870,9 @@ xfs_buffered_write_iomap_begin(
int allocfork = XFS_DATA_FORK;
int error = 0;
+ if (XFS_FORCED_SHUTDOWN(mp))
+ return -EIO;
+
/* we can't use delayed allocations when using extent size hints */
if (xfs_get_extsz_hint(ip))
return xfs_direct_write_iomap_begin(inode, offset, count,
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 435/452] xfs: force log and push AIL to clear pinned inodes when aborting mount
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (433 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 434/452] xfs: restore shutdown check in mapped write fault path Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 436/452] xfs: consider shutdown in bmapbt cursor delete assert Greg Kroah-Hartman
` (22 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Darrick J. Wong, Christoph Hellwig,
Dave Chinner, Amir Goldstein
From: "Darrick J. Wong" <djwong@kernel.org>
commit d336f7ebc65007f5831e2297e6f3383ae8dbf8ed upstream.
If we allocate quota inodes in the process of mounting a filesystem but
then decide to abort the mount, it's possible that the quota inodes are
sitting around pinned by the log. Now that inode reclaim relies on the
AIL to flush inodes, we have to force the log and push the AIL in
between releasing the quota inodes and kicking off reclaim to tear down
all the incore inodes. Do this by extracting the bits we need from the
unmount path and reusing them. As an added bonus, failed writes during
a failed mount will not retry forever now.
This was originally found during a fuzz test of metadata directories
(xfs/1546), but the actual symptom was that reclaim hung up on the quota
inodes.
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/xfs/xfs_mount.c | 90 +++++++++++++++++++++++++----------------------------
1 file changed, 44 insertions(+), 46 deletions(-)
--- a/fs/xfs/xfs_mount.c
+++ b/fs/xfs/xfs_mount.c
@@ -632,6 +632,47 @@ xfs_check_summary_counts(
}
/*
+ * Flush and reclaim dirty inodes in preparation for unmount. Inodes and
+ * internal inode structures can be sitting in the CIL and AIL at this point,
+ * so we need to unpin them, write them back and/or reclaim them before unmount
+ * can proceed.
+ *
+ * An inode cluster that has been freed can have its buffer still pinned in
+ * memory because the transaction is still sitting in a iclog. The stale inodes
+ * on that buffer will be pinned to the buffer until the transaction hits the
+ * disk and the callbacks run. Pushing the AIL will skip the stale inodes and
+ * may never see the pinned buffer, so nothing will push out the iclog and
+ * unpin the buffer.
+ *
+ * Hence we need to force the log to unpin everything first. However, log
+ * forces don't wait for the discards they issue to complete, so we have to
+ * explicitly wait for them to complete here as well.
+ *
+ * Then we can tell the world we are unmounting so that error handling knows
+ * that the filesystem is going away and we should error out anything that we
+ * have been retrying in the background. This will prevent never-ending
+ * retries in AIL pushing from hanging the unmount.
+ *
+ * Finally, we can push the AIL to clean all the remaining dirty objects, then
+ * reclaim the remaining inodes that are still in memory at this point in time.
+ */
+static void
+xfs_unmount_flush_inodes(
+ struct xfs_mount *mp)
+{
+ xfs_log_force(mp, XFS_LOG_SYNC);
+ xfs_extent_busy_wait_all(mp);
+ flush_workqueue(xfs_discard_wq);
+
+ mp->m_flags |= XFS_MOUNT_UNMOUNTING;
+
+ xfs_ail_push_all_sync(mp->m_ail);
+ cancel_delayed_work_sync(&mp->m_reclaim_work);
+ xfs_reclaim_inodes(mp);
+ xfs_health_unmount(mp);
+}
+
+/*
* This function does the following on an initial mount of a file system:
* - reads the superblock from disk and init the mount struct
* - if we're a 32-bit kernel, do a size check on the superblock
@@ -1005,7 +1046,7 @@ xfs_mountfs(
/* Clean out dquots that might be in memory after quotacheck. */
xfs_qm_unmount(mp);
/*
- * Cancel all delayed reclaim work and reclaim the inodes directly.
+ * Flush all inode reclamation work and flush the log.
* We have to do this /after/ rtunmount and qm_unmount because those
* two will have scheduled delayed reclaim for the rt/quota inodes.
*
@@ -1015,11 +1056,8 @@ xfs_mountfs(
* qm_unmount_quotas and therefore rely on qm_unmount to release the
* quota inodes.
*/
- cancel_delayed_work_sync(&mp->m_reclaim_work);
- xfs_reclaim_inodes(mp);
- xfs_health_unmount(mp);
+ xfs_unmount_flush_inodes(mp);
out_log_dealloc:
- mp->m_flags |= XFS_MOUNT_UNMOUNTING;
xfs_log_mount_cancel(mp);
out_fail_wait:
if (mp->m_logdev_targp && mp->m_logdev_targp != mp->m_ddev_targp)
@@ -1060,47 +1098,7 @@ xfs_unmountfs(
xfs_rtunmount_inodes(mp);
xfs_irele(mp->m_rootip);
- /*
- * We can potentially deadlock here if we have an inode cluster
- * that has been freed has its buffer still pinned in memory because
- * the transaction is still sitting in a iclog. The stale inodes
- * on that buffer will be pinned to the buffer until the
- * transaction hits the disk and the callbacks run. Pushing the AIL will
- * skip the stale inodes and may never see the pinned buffer, so
- * nothing will push out the iclog and unpin the buffer. Hence we
- * need to force the log here to ensure all items are flushed into the
- * AIL before we go any further.
- */
- xfs_log_force(mp, XFS_LOG_SYNC);
-
- /*
- * Wait for all busy extents to be freed, including completion of
- * any discard operation.
- */
- xfs_extent_busy_wait_all(mp);
- flush_workqueue(xfs_discard_wq);
-
- /*
- * We now need to tell the world we are unmounting. This will allow
- * us to detect that the filesystem is going away and we should error
- * out anything that we have been retrying in the background. This will
- * prevent neverending retries in AIL pushing from hanging the unmount.
- */
- mp->m_flags |= XFS_MOUNT_UNMOUNTING;
-
- /*
- * Flush all pending changes from the AIL.
- */
- xfs_ail_push_all_sync(mp->m_ail);
-
- /*
- * Reclaim all inodes. At this point there should be no dirty inodes and
- * none should be pinned or locked. Stop background inode reclaim here
- * if it is still running.
- */
- cancel_delayed_work_sync(&mp->m_reclaim_work);
- xfs_reclaim_inodes(mp);
- xfs_health_unmount(mp);
+ xfs_unmount_flush_inodes(mp);
xfs_qm_unmount(mp);
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 436/452] xfs: consider shutdown in bmapbt cursor delete assert
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (434 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 435/452] xfs: force log and push AIL to clear pinned inodes when aborting mount Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 437/452] xfs: assert in xfs_btree_del_cursor should take into account error Greg Kroah-Hartman
` (21 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Brian Foster, Darrick J. Wong,
Amir Goldstein
From: Brian Foster <bfoster@redhat.com>
commit 1cd738b13ae9b29e03d6149f0246c61f76e81fcf upstream.
The assert in xfs_btree_del_cursor() checks that the bmapbt block
allocation field has been handled correctly before the cursor is
freed. This field is used for accurate calculation of indirect block
reservation requirements (for delayed allocations), for example.
generic/019 reproduces a scenario where this assert fails because
the filesystem has shutdown while in the middle of a bmbt record
insertion. This occurs after a bmbt block has been allocated via the
cursor but before the higher level bmap function (i.e.
xfs_bmap_add_extent_hole_real()) completes and resets the field.
Update the assert to accommodate the transient state if the
filesystem has shutdown. While here, clean up the indentation and
comments in the function.
Signed-off-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/xfs/libxfs/xfs_btree.c | 33 ++++++++++++---------------------
1 file changed, 12 insertions(+), 21 deletions(-)
--- a/fs/xfs/libxfs/xfs_btree.c
+++ b/fs/xfs/libxfs/xfs_btree.c
@@ -353,20 +353,17 @@ xfs_btree_free_block(
*/
void
xfs_btree_del_cursor(
- xfs_btree_cur_t *cur, /* btree cursor */
- int error) /* del because of error */
+ struct xfs_btree_cur *cur, /* btree cursor */
+ int error) /* del because of error */
{
- int i; /* btree level */
+ int i; /* btree level */
/*
- * Clear the buffer pointers, and release the buffers.
- * If we're doing this in the face of an error, we
- * need to make sure to inspect all of the entries
- * in the bc_bufs array for buffers to be unlocked.
- * This is because some of the btree code works from
- * level n down to 0, and if we get an error along
- * the way we won't have initialized all the entries
- * down to 0.
+ * Clear the buffer pointers and release the buffers. If we're doing
+ * this because of an error, inspect all of the entries in the bc_bufs
+ * array for buffers to be unlocked. This is because some of the btree
+ * code works from level n down to 0, and if we get an error along the
+ * way we won't have initialized all the entries down to 0.
*/
for (i = 0; i < cur->bc_nlevels; i++) {
if (cur->bc_bufs[i])
@@ -374,17 +371,11 @@ xfs_btree_del_cursor(
else if (!error)
break;
}
- /*
- * Can't free a bmap cursor without having dealt with the
- * allocated indirect blocks' accounting.
- */
- ASSERT(cur->bc_btnum != XFS_BTNUM_BMAP ||
- cur->bc_ino.allocated == 0);
- /*
- * Free the cursor.
- */
+
+ ASSERT(cur->bc_btnum != XFS_BTNUM_BMAP || cur->bc_ino.allocated == 0 ||
+ XFS_FORCED_SHUTDOWN(cur->bc_mp));
if (unlikely(cur->bc_flags & XFS_BTREE_STAGING))
- kmem_free((void *)cur->bc_ops);
+ kmem_free(cur->bc_ops);
kmem_cache_free(xfs_btree_cur_zone, cur);
}
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 437/452] xfs: assert in xfs_btree_del_cursor should take into account error
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (435 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 436/452] xfs: consider shutdown in bmapbt cursor delete assert Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 438/452] kseltest/cgroup: Make test_stress.sh work if run interactively Greg Kroah-Hartman
` (20 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dave Chinner, Darrick J. Wong,
Christoph Hellwig, Dave Chinner, Amir Goldstein
From: Dave Chinner <dchinner@redhat.com>
commit 56486f307100e8fc66efa2ebd8a71941fa10bf6f upstream.
xfs/538 on a 1kB block filesystem failed with this assert:
XFS: Assertion failed: cur->bc_btnum != XFS_BTNUM_BMAP || cur->bc_ino.allocated == 0 || xfs_is_shutdown(cur->bc_mp), file: fs/xfs/libxfs/xfs_btree.c, line: 448
The problem was that an allocation failed unexpectedly in
xfs_bmbt_alloc_block() after roughly 150,000 minlen allocation error
injections, resulting in an EFSCORRUPTED error being returned to
xfs_bmapi_write(). The error occurred on extent-to-btree format
conversion allocating the new root block:
RIP: 0010:xfs_bmbt_alloc_block+0x177/0x210
Call Trace:
<TASK>
xfs_btree_new_iroot+0xdf/0x520
xfs_btree_make_block_unfull+0x10d/0x1c0
xfs_btree_insrec+0x364/0x790
xfs_btree_insert+0xaa/0x210
xfs_bmap_add_extent_hole_real+0x1fe/0x9a0
xfs_bmapi_allocate+0x34c/0x420
xfs_bmapi_write+0x53c/0x9c0
xfs_alloc_file_space+0xee/0x320
xfs_file_fallocate+0x36b/0x450
vfs_fallocate+0x148/0x340
__x64_sys_fallocate+0x3c/0x70
do_syscall_64+0x35/0x80
entry_SYSCALL_64_after_hwframe+0x44/0xa
Why the allocation failed at this point is unknown, but is likely
that we ran the transaction out of reserved space and filesystem out
of space with bmbt blocks because of all the minlen allocations
being done causing worst case fragmentation of a large allocation.
Regardless of the cause, we've then called xfs_bmapi_finish() which
calls xfs_btree_del_cursor(cur, error) to tear down the cursor.
So we have a failed operation, error != 0, cur->bc_ino.allocated > 0
and the filesystem is still up. The assert fails to take into
account that allocation can fail with an error and the transaction
teardown will shut the filesystem down if necessary. i.e. the
assert needs to check "|| error != 0" as well, because at this point
shutdown is pending because the current transaction is dirty....
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Dave Chinner <david@fromorbit.com>
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/xfs/libxfs/xfs_btree.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
--- a/fs/xfs/libxfs/xfs_btree.c
+++ b/fs/xfs/libxfs/xfs_btree.c
@@ -372,8 +372,14 @@ xfs_btree_del_cursor(
break;
}
+ /*
+ * If we are doing a BMBT update, the number of unaccounted blocks
+ * allocated during this cursor life time should be zero. If it's not
+ * zero, then we should be shut down or on our way to shutdown due to
+ * cancelling a dirty transaction on error.
+ */
ASSERT(cur->bc_btnum != XFS_BTNUM_BMAP || cur->bc_ino.allocated == 0 ||
- XFS_FORCED_SHUTDOWN(cur->bc_mp));
+ XFS_FORCED_SHUTDOWN(cur->bc_mp) || error != 0);
if (unlikely(cur->bc_flags & XFS_BTREE_STAGING))
kmem_free(cur->bc_ops);
kmem_cache_free(xfs_btree_cur_zone, cur);
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 438/452] kseltest/cgroup: Make test_stress.sh work if run interactively
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (436 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 437/452] xfs: assert in xfs_btree_del_cursor should take into account error Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 439/452] thermal/core: fix a UAF bug in __thermal_cooling_device_register() Greg Kroah-Hartman
` (19 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Waiman Long, Tejun Heo
From: Waiman Long <longman@redhat.com>
commit 213adc63dfbcdff9a0c19ec1f2681fda9c05cf6d upstream.
Commit 54de76c01239 ("kselftest/cgroup: fix test_stress.sh to use OUTPUT
dir") changes the test_core command path from . to $OUTPUT. However,
variable OUTPUT may not be defined if the command is run interactively.
Fix that by using ${OUTPUT:-.} to cover both cases.
Signed-off-by: Waiman Long <longman@redhat.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/testing/selftests/cgroup/test_stress.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/tools/testing/selftests/cgroup/test_stress.sh
+++ b/tools/testing/selftests/cgroup/test_stress.sh
@@ -1,4 +1,4 @@
#!/bin/bash
# SPDX-License-Identifier: GPL-2.0
-./with_stress.sh -s subsys -s fork ${OUTPUT}/test_core
+./with_stress.sh -s subsys -s fork ${OUTPUT:-.}/test_core
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 439/452] thermal/core: fix a UAF bug in __thermal_cooling_device_register()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (437 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 438/452] kseltest/cgroup: Make test_stress.sh work if run interactively Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 440/452] thermal/core: Fix memory leak in the error path Greg Kroah-Hartman
` (18 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ziyang Xuan, kernel test robot,
Daniel Lezcano
From: Ziyang Xuan <william.xuanziyang@huawei.com>
commit 0a5c26712f963f0500161a23e0ffff8d29f742ab upstream.
When device_register() return failed, program will goto out_kfree_type
to release 'cdev->device' by put_device(). That will call thermal_release()
to free 'cdev'. But the follow-up processes access 'cdev' continually.
That trggers the UAF bug.
====================================================================
BUG: KASAN: use-after-free in __thermal_cooling_device_register+0x75b/0xa90
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
Call Trace:
dump_stack_lvl+0xe2/0x152
print_address_description.constprop.0+0x21/0x140
? __thermal_cooling_device_register+0x75b/0xa90
kasan_report.cold+0x7f/0x11b
? __thermal_cooling_device_register+0x75b/0xa90
__thermal_cooling_device_register+0x75b/0xa90
? memset+0x20/0x40
? __sanitizer_cov_trace_pc+0x1d/0x50
? __devres_alloc_node+0x130/0x180
devm_thermal_of_cooling_device_register+0x67/0xf0
max6650_probe.cold+0x557/0x6aa
......
Freed by task 258:
kasan_save_stack+0x1b/0x40
kasan_set_track+0x1c/0x30
kasan_set_free_info+0x20/0x30
__kasan_slab_free+0x109/0x140
kfree+0x117/0x4c0
thermal_release+0xa0/0x110
device_release+0xa7/0x240
kobject_put+0x1ce/0x540
put_device+0x20/0x30
__thermal_cooling_device_register+0x731/0xa90
devm_thermal_of_cooling_device_register+0x67/0xf0
max6650_probe.cold+0x557/0x6aa [max6650]
Do not use 'cdev' again after put_device() to fix the problem like doing
in thermal_zone_device_register().
[dlezcano]: as requested by Rafael, change the affectation into two statements.
Fixes: 584837618100 ("thermal/drivers/core: Use a char pointer for the cooling device name")
Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com>
Reported-by: kernel test robot <lkp@intel.com>
Link: https://lore.kernel.org/r/20211015024504.947520-1-william.xuanziyang@huawei.com
Signed-off-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/thermal/thermal_core.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/drivers/thermal/thermal_core.c
+++ b/drivers/thermal/thermal_core.c
@@ -1092,7 +1092,7 @@ __thermal_cooling_device_register(struct
{
struct thermal_cooling_device *cdev;
struct thermal_zone_device *pos = NULL;
- int ret;
+ int id, ret;
if (!ops || !ops->get_max_state || !ops->get_cur_state ||
!ops->set_cur_state)
@@ -1106,6 +1106,7 @@ __thermal_cooling_device_register(struct
if (ret < 0)
goto out_kfree_cdev;
cdev->id = ret;
+ id = ret;
cdev->type = kstrdup(type ? type : "", GFP_KERNEL);
if (!cdev->type) {
@@ -1147,8 +1148,9 @@ out_kfree_type:
thermal_cooling_device_destroy_sysfs(cdev);
kfree(cdev->type);
put_device(&cdev->device);
+ cdev = NULL;
out_ida_remove:
- ida_simple_remove(&thermal_cdev_ida, cdev->id);
+ ida_simple_remove(&thermal_cdev_ida, id);
out_kfree_cdev:
return ERR_PTR(ret);
}
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 440/452] thermal/core: Fix memory leak in the error path
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (438 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 439/452] thermal/core: fix a UAF bug in __thermal_cooling_device_register() Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 441/452] bfq: Avoid merging queues with different parents Greg Kroah-Hartman
` (17 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Dan Carpenter,
Daniel Lezcano
From: Daniel Lezcano <daniel.lezcano@linaro.org>
commit d44616c6cc3e35eea03ecfe9040edfa2b486a059 upstream.
Fix the following error:
smatch warnings:
drivers/thermal/thermal_core.c:1020 __thermal_cooling_device_register() warn: possible memory leak of 'cdev'
by freeing the cdev when exiting the function in the error path.
Fixes: 584837618100 ("thermal/drivers/core: Use a char pointer for the cooling device name")
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Link: https://lore.kernel.org/r/20210319202257.890848-1-daniel.lezcano@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/thermal/thermal_core.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/thermal/thermal_core.c
+++ b/drivers/thermal/thermal_core.c
@@ -1152,6 +1152,7 @@ out_kfree_type:
out_ida_remove:
ida_simple_remove(&thermal_cdev_ida, id);
out_kfree_cdev:
+ kfree(cdev);
return ERR_PTR(ret);
}
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 441/452] bfq: Avoid merging queues with different parents
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (439 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 440/452] thermal/core: Fix memory leak in the error path Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 442/452] bfq: Drop pointless unlock-lock pair Greg Kroah-Hartman
` (16 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Greg Kroah-Hartman, yukuai (C), Jan Kara, Christoph Hellwig, Jens Axboe
From: Jan Kara <jack@suse.cz>
commit c1cee4ab36acef271be9101590756ed0c0c374d9 upstream.
It can happen that the parent of a bfqq changes between the moment we
decide two queues are worth to merge (and set bic->stable_merge_bfqq)
and the moment bfq_setup_merge() is called. This can happen e.g. because
the process submitted IO for a different cgroup and thus bfqq got
reparented. It can even happen that the bfqq we are merging with has
parent cgroup that is already offline and going to be destroyed in which
case the merge can lead to use-after-free issues such as:
BUG: KASAN: use-after-free in __bfq_deactivate_entity+0x9cb/0xa50
Read of size 8 at addr ffff88800693c0c0 by task runc:[2:INIT]/10544
CPU: 0 PID: 10544 Comm: runc:[2:INIT] Tainted: G E 5.15.2-0.g5fb85fd-default #1 openSUSE Tumbleweed (unreleased) f1f3b891c72369aebecd2e43e4641a6358867c70
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a-rebuilt.opensuse.org 04/01/2014
Call Trace:
<IRQ>
dump_stack_lvl+0x46/0x5a
print_address_description.constprop.0+0x1f/0x140
? __bfq_deactivate_entity+0x9cb/0xa50
kasan_report.cold+0x7f/0x11b
? __bfq_deactivate_entity+0x9cb/0xa50
__bfq_deactivate_entity+0x9cb/0xa50
? update_curr+0x32f/0x5d0
bfq_deactivate_entity+0xa0/0x1d0
bfq_del_bfqq_busy+0x28a/0x420
? resched_curr+0x116/0x1d0
? bfq_requeue_bfqq+0x70/0x70
? check_preempt_wakeup+0x52b/0xbc0
__bfq_bfqq_expire+0x1a2/0x270
bfq_bfqq_expire+0xd16/0x2160
? try_to_wake_up+0x4ee/0x1260
? bfq_end_wr_async_queues+0xe0/0xe0
? _raw_write_unlock_bh+0x60/0x60
? _raw_spin_lock_irq+0x81/0xe0
bfq_idle_slice_timer+0x109/0x280
? bfq_dispatch_request+0x4870/0x4870
__hrtimer_run_queues+0x37d/0x700
? enqueue_hrtimer+0x1b0/0x1b0
? kvm_clock_get_cycles+0xd/0x10
? ktime_get_update_offsets_now+0x6f/0x280
hrtimer_interrupt+0x2c8/0x740
Fix the problem by checking that the parent of the two bfqqs we are
merging in bfq_setup_merge() is the same.
Link: https://lore.kernel.org/linux-block/20211125172809.GC19572@quack2.suse.cz/
CC: stable@vger.kernel.org
Fixes: 430a67f9d616 ("block, bfq: merge bursts of newly-created queues")
Tested-by: "yukuai (C)" <yukuai3@huawei.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20220401102752.8599-2-jack@suse.cz
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
block/bfq-iosched.c | 8 ++++++++
1 file changed, 8 insertions(+)
--- a/block/bfq-iosched.c
+++ b/block/bfq-iosched.c
@@ -2509,6 +2509,14 @@ bfq_setup_merge(struct bfq_queue *bfqq,
if (process_refs == 0 || new_process_refs == 0)
return NULL;
+ /*
+ * Make sure merged queues belong to the same parent. Parents could
+ * have changed since the time we decided the two queues are suitable
+ * for merging.
+ */
+ if (new_bfqq->entity.parent != bfqq->entity.parent)
+ return NULL;
+
bfq_log_bfqq(bfqq->bfqd, bfqq, "scheduling merge with queue %d",
new_bfqq->pid);
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 442/452] bfq: Drop pointless unlock-lock pair
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (440 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 441/452] bfq: Avoid merging queues with different parents Greg Kroah-Hartman
@ 2022-06-07 17:04 ` Greg Kroah-Hartman
2022-06-07 17:05 ` [PATCH 5.10 443/452] bfq: Remove pointless bfq_init_rq() calls Greg Kroah-Hartman
` (15 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:04 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Greg Kroah-Hartman, yukuai (C), Jan Kara, Christoph Hellwig, Jens Axboe
From: Jan Kara <jack@suse.cz>
commit fc84e1f941b91221092da5b3102ec82da24c5673 upstream.
In bfq_insert_request() we unlock bfqd->lock only to call
trace_block_rq_insert() and then lock bfqd->lock again. This is really
pointless since tracing is disabled if we really care about performance
and even if the tracepoint is enabled, it is a quick call.
CC: stable@vger.kernel.org
Tested-by: "yukuai (C)" <yukuai3@huawei.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20220401102752.8599-5-jack@suse.cz
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
block/bfq-iosched.c | 3 ---
1 file changed, 3 deletions(-)
--- a/block/bfq-iosched.c
+++ b/block/bfq-iosched.c
@@ -5537,11 +5537,8 @@ static void bfq_insert_request(struct bl
return;
}
- spin_unlock_irq(&bfqd->lock);
-
blk_mq_sched_request_inserted(rq);
- spin_lock_irq(&bfqd->lock);
bfqq = bfq_init_rq(rq);
if (!bfqq || at_head || blk_rq_is_passthrough(rq)) {
if (at_head)
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 443/452] bfq: Remove pointless bfq_init_rq() calls
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (441 preceding siblings ...)
2022-06-07 17:04 ` [PATCH 5.10 442/452] bfq: Drop pointless unlock-lock pair Greg Kroah-Hartman
@ 2022-06-07 17:05 ` Greg Kroah-Hartman
2022-06-07 17:05 ` [PATCH 5.10 444/452] bfq: Get rid of __bio_blkcg() usage Greg Kroah-Hartman
` (14 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:05 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Greg Kroah-Hartman, yukuai (C), Jan Kara, Christoph Hellwig, Jens Axboe
From: Jan Kara <jack@suse.cz>
commit 5f550ede5edf846ecc0067be1ba80514e6fe7f8e upstream.
We call bfq_init_rq() from request merging functions where requests we
get should have already gone through bfq_init_rq() during insert and
anyway we want to do anything only if the request is already tracked by
BFQ. So replace calls to bfq_init_rq() with RQ_BFQQ() instead to simply
skip requests untracked by BFQ. We move bfq_init_rq() call in
bfq_insert_request() a bit earlier to cover request merging and thus
can transfer FIFO position in case of a merge.
CC: stable@vger.kernel.org
Tested-by: "yukuai (C)" <yukuai3@huawei.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20220401102752.8599-6-jack@suse.cz
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
block/bfq-iosched.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
--- a/block/bfq-iosched.c
+++ b/block/bfq-iosched.c
@@ -2267,8 +2267,6 @@ static int bfq_request_merge(struct requ
return ELEVATOR_NO_MERGE;
}
-static struct bfq_queue *bfq_init_rq(struct request *rq);
-
static void bfq_request_merged(struct request_queue *q, struct request *req,
enum elv_merge type)
{
@@ -2277,7 +2275,7 @@ static void bfq_request_merged(struct re
blk_rq_pos(req) <
blk_rq_pos(container_of(rb_prev(&req->rb_node),
struct request, rb_node))) {
- struct bfq_queue *bfqq = bfq_init_rq(req);
+ struct bfq_queue *bfqq = RQ_BFQQ(req);
struct bfq_data *bfqd;
struct request *prev, *next_rq;
@@ -2329,8 +2327,8 @@ static void bfq_request_merged(struct re
static void bfq_requests_merged(struct request_queue *q, struct request *rq,
struct request *next)
{
- struct bfq_queue *bfqq = bfq_init_rq(rq),
- *next_bfqq = bfq_init_rq(next);
+ struct bfq_queue *bfqq = RQ_BFQQ(rq),
+ *next_bfqq = RQ_BFQQ(next);
if (!bfqq)
return;
@@ -5518,6 +5516,8 @@ static inline void bfq_update_insert_sta
unsigned int cmd_flags) {}
#endif /* CONFIG_BFQ_CGROUP_DEBUG */
+static struct bfq_queue *bfq_init_rq(struct request *rq);
+
static void bfq_insert_request(struct blk_mq_hw_ctx *hctx, struct request *rq,
bool at_head)
{
@@ -5532,6 +5532,7 @@ static void bfq_insert_request(struct bl
bfqg_stats_update_legacy_io(q, rq);
#endif
spin_lock_irq(&bfqd->lock);
+ bfqq = bfq_init_rq(rq);
if (blk_mq_sched_try_insert_merge(q, rq)) {
spin_unlock_irq(&bfqd->lock);
return;
@@ -5539,7 +5540,6 @@ static void bfq_insert_request(struct bl
blk_mq_sched_request_inserted(rq);
- bfqq = bfq_init_rq(rq);
if (!bfqq || at_head || blk_rq_is_passthrough(rq)) {
if (at_head)
list_add(&rq->queuelist, &bfqd->dispatch);
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 444/452] bfq: Get rid of __bio_blkcg() usage
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (442 preceding siblings ...)
2022-06-07 17:05 ` [PATCH 5.10 443/452] bfq: Remove pointless bfq_init_rq() calls Greg Kroah-Hartman
@ 2022-06-07 17:05 ` Greg Kroah-Hartman
2022-06-07 17:05 ` [PATCH 5.10 445/452] bfq: Make sure bfqg for which we are queueing requests is online Greg Kroah-Hartman
` (13 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:05 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Greg Kroah-Hartman, yukuai (C), Jan Kara, Christoph Hellwig, Jens Axboe
From: Jan Kara <jack@suse.cz>
commit 4e54a2493e582361adc3bfbf06c7d50d19d18837 upstream.
BFQ usage of __bio_blkcg() is a relict from the past. Furthermore if bio
would not be associated with any blkcg, the usage of __bio_blkcg() in
BFQ is prone to races with the task being migrated between cgroups as
__bio_blkcg() calls at different places could return different blkcgs.
Convert BFQ to the new situation where bio->bi_blkg is initialized in
bio_set_dev() and thus practically always valid. This allows us to save
blkcg_gq lookup and noticeably simplify the code.
CC: stable@vger.kernel.org
Fixes: 0fe061b9f03c ("blkcg: fix ref count issue with bio_blkcg() using task_css")
Tested-by: "yukuai (C)" <yukuai3@huawei.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20220401102752.8599-8-jack@suse.cz
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
block/bfq-cgroup.c | 63 ++++++++++++++++++----------------------------------
block/bfq-iosched.c | 10 --------
block/bfq-iosched.h | 3 --
3 files changed, 25 insertions(+), 51 deletions(-)
--- a/block/bfq-cgroup.c
+++ b/block/bfq-cgroup.c
@@ -582,27 +582,11 @@ static void bfq_group_set_parent(struct
entity->sched_data = &parent->sched_data;
}
-static struct bfq_group *bfq_lookup_bfqg(struct bfq_data *bfqd,
- struct blkcg *blkcg)
+static void bfq_link_bfqg(struct bfq_data *bfqd, struct bfq_group *bfqg)
{
- struct blkcg_gq *blkg;
-
- blkg = blkg_lookup(blkcg, bfqd->queue);
- if (likely(blkg))
- return blkg_to_bfqg(blkg);
- return NULL;
-}
-
-struct bfq_group *bfq_find_set_group(struct bfq_data *bfqd,
- struct blkcg *blkcg)
-{
- struct bfq_group *bfqg, *parent;
+ struct bfq_group *parent;
struct bfq_entity *entity;
- bfqg = bfq_lookup_bfqg(bfqd, blkcg);
- if (unlikely(!bfqg))
- return NULL;
-
/*
* Update chain of bfq_groups as we might be handling a leaf group
* which, along with some of its relatives, has not been hooked yet
@@ -619,8 +603,15 @@ struct bfq_group *bfq_find_set_group(str
bfq_group_set_parent(curr_bfqg, parent);
}
}
+}
- return bfqg;
+struct bfq_group *bfq_bio_bfqg(struct bfq_data *bfqd, struct bio *bio)
+{
+ struct blkcg_gq *blkg = bio->bi_blkg;
+
+ if (!blkg)
+ return bfqd->root_group;
+ return blkg_to_bfqg(blkg);
}
/**
@@ -696,25 +687,15 @@ void bfq_bfqq_move(struct bfq_data *bfqd
* Move bic to blkcg, assuming that bfqd->lock is held; which makes
* sure that the reference to cgroup is valid across the call (see
* comments in bfq_bic_update_cgroup on this issue)
- *
- * NOTE: an alternative approach might have been to store the current
- * cgroup in bfqq and getting a reference to it, reducing the lookup
- * time here, at the price of slightly more complex code.
*/
-static struct bfq_group *__bfq_bic_change_cgroup(struct bfq_data *bfqd,
- struct bfq_io_cq *bic,
- struct blkcg *blkcg)
+static void *__bfq_bic_change_cgroup(struct bfq_data *bfqd,
+ struct bfq_io_cq *bic,
+ struct bfq_group *bfqg)
{
struct bfq_queue *async_bfqq = bic_to_bfqq(bic, 0);
struct bfq_queue *sync_bfqq = bic_to_bfqq(bic, 1);
- struct bfq_group *bfqg;
struct bfq_entity *entity;
- bfqg = bfq_find_set_group(bfqd, blkcg);
-
- if (unlikely(!bfqg))
- bfqg = bfqd->root_group;
-
if (async_bfqq) {
entity = &async_bfqq->entity;
@@ -766,20 +747,24 @@ static struct bfq_group *__bfq_bic_chang
void bfq_bic_update_cgroup(struct bfq_io_cq *bic, struct bio *bio)
{
struct bfq_data *bfqd = bic_to_bfqd(bic);
- struct bfq_group *bfqg = NULL;
+ struct bfq_group *bfqg = bfq_bio_bfqg(bfqd, bio);
uint64_t serial_nr;
- rcu_read_lock();
- serial_nr = __bio_blkcg(bio)->css.serial_nr;
+ serial_nr = bfqg_to_blkg(bfqg)->blkcg->css.serial_nr;
/*
* Check whether blkcg has changed. The condition may trigger
* spuriously on a newly created cic but there's no harm.
*/
if (unlikely(!bfqd) || likely(bic->blkcg_serial_nr == serial_nr))
- goto out;
+ return;
- bfqg = __bfq_bic_change_cgroup(bfqd, bic, __bio_blkcg(bio));
+ /*
+ * New cgroup for this process. Make sure it is linked to bfq internal
+ * cgroup hierarchy.
+ */
+ bfq_link_bfqg(bfqd, bfqg);
+ __bfq_bic_change_cgroup(bfqd, bic, bfqg);
/*
* Update blkg_path for bfq_log_* functions. We cache this
* path, and update it here, for the following
@@ -832,8 +817,6 @@ void bfq_bic_update_cgroup(struct bfq_io
*/
blkg_path(bfqg_to_blkg(bfqg), bfqg->blkg_path, sizeof(bfqg->blkg_path));
bic->blkcg_serial_nr = serial_nr;
-out:
- rcu_read_unlock();
}
/**
@@ -1451,7 +1434,7 @@ void bfq_end_wr_async(struct bfq_data *b
bfq_end_wr_async_queues(bfqd, bfqd->root_group);
}
-struct bfq_group *bfq_find_set_group(struct bfq_data *bfqd, struct blkcg *blkcg)
+struct bfq_group *bfq_bio_bfqg(struct bfq_data *bfqd, struct bio *bio)
{
return bfqd->root_group;
}
--- a/block/bfq-iosched.c
+++ b/block/bfq-iosched.c
@@ -5162,14 +5162,7 @@ static struct bfq_queue *bfq_get_queue(s
struct bfq_queue *bfqq;
struct bfq_group *bfqg;
- rcu_read_lock();
-
- bfqg = bfq_find_set_group(bfqd, __bio_blkcg(bio));
- if (!bfqg) {
- bfqq = &bfqd->oom_bfqq;
- goto out;
- }
-
+ bfqg = bfq_bio_bfqg(bfqd, bio);
if (!is_sync) {
async_bfqq = bfq_async_queue_prio(bfqd, bfqg, ioprio_class,
ioprio);
@@ -5213,7 +5206,6 @@ static struct bfq_queue *bfq_get_queue(s
out:
bfqq->ref++; /* get a process reference to this queue */
bfq_log_bfqq(bfqd, bfqq, "get_queue, at end: %p, %d", bfqq, bfqq->ref);
- rcu_read_unlock();
return bfqq;
}
--- a/block/bfq-iosched.h
+++ b/block/bfq-iosched.h
@@ -984,8 +984,7 @@ void bfq_bfqq_move(struct bfq_data *bfqd
void bfq_init_entity(struct bfq_entity *entity, struct bfq_group *bfqg);
void bfq_bic_update_cgroup(struct bfq_io_cq *bic, struct bio *bio);
void bfq_end_wr_async(struct bfq_data *bfqd);
-struct bfq_group *bfq_find_set_group(struct bfq_data *bfqd,
- struct blkcg *blkcg);
+struct bfq_group *bfq_bio_bfqg(struct bfq_data *bfqd, struct bio *bio);
struct blkcg_gq *bfqg_to_blkg(struct bfq_group *bfqg);
struct bfq_group *bfqq_group(struct bfq_queue *bfqq);
struct bfq_group *bfq_create_group_hierarchy(struct bfq_data *bfqd, int node);
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 445/452] bfq: Make sure bfqg for which we are queueing requests is online
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (443 preceding siblings ...)
2022-06-07 17:05 ` [PATCH 5.10 444/452] bfq: Get rid of __bio_blkcg() usage Greg Kroah-Hartman
@ 2022-06-07 17:05 ` Greg Kroah-Hartman
2022-06-07 17:05 ` [PATCH 5.10 446/452] block: fix bio_clone_blkg_association() to associate with proper blkcg_gq Greg Kroah-Hartman
` (12 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:05 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Greg Kroah-Hartman, yukuai (C), Jan Kara, Christoph Hellwig, Jens Axboe
From: Jan Kara <jack@suse.cz>
commit 075a53b78b815301f8d3dd1ee2cd99554e34f0dd upstream.
Bios queued into BFQ IO scheduler can be associated with a cgroup that
was already offlined. This may then cause insertion of this bfq_group
into a service tree. But this bfq_group will get freed as soon as last
bio associated with it is completed leading to use after free issues for
service tree users. Fix the problem by making sure we always operate on
online bfq_group. If the bfq_group associated with the bio is not
online, we pick the first online parent.
CC: stable@vger.kernel.org
Fixes: e21b7a0b9887 ("block, bfq: add full hierarchical scheduling and cgroups support")
Tested-by: "yukuai (C)" <yukuai3@huawei.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20220401102752.8599-9-jack@suse.cz
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
block/bfq-cgroup.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
--- a/block/bfq-cgroup.c
+++ b/block/bfq-cgroup.c
@@ -608,10 +608,19 @@ static void bfq_link_bfqg(struct bfq_dat
struct bfq_group *bfq_bio_bfqg(struct bfq_data *bfqd, struct bio *bio)
{
struct blkcg_gq *blkg = bio->bi_blkg;
+ struct bfq_group *bfqg;
- if (!blkg)
- return bfqd->root_group;
- return blkg_to_bfqg(blkg);
+ while (blkg) {
+ bfqg = blkg_to_bfqg(blkg);
+ if (bfqg->online) {
+ bio_associate_blkg_from_css(bio, &blkg->blkcg->css);
+ return bfqg;
+ }
+ blkg = blkg->parent;
+ }
+ bio_associate_blkg_from_css(bio,
+ &bfqg_to_blkg(bfqd->root_group)->blkcg->css);
+ return bfqd->root_group;
}
/**
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 446/452] block: fix bio_clone_blkg_association() to associate with proper blkcg_gq
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (444 preceding siblings ...)
2022-06-07 17:05 ` [PATCH 5.10 445/452] bfq: Make sure bfqg for which we are queueing requests is online Greg Kroah-Hartman
@ 2022-06-07 17:05 ` Greg Kroah-Hartman
2022-06-07 17:05 ` [PATCH 5.10 447/452] Revert "random: use static branch for crng_ready()" Greg Kroah-Hartman
` (11 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:05 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Greg Kroah-Hartman, Logan Gunthorpe, Christoph Hellwig, Jan Kara,
Jens Axboe, Donald Buczek
From: Jan Kara <jack@suse.cz>
commit 22b106e5355d6e7a9c3b5cb5ed4ef22ae585ea94 upstream.
Commit d92c370a16cb ("block: really clone the block cgroup in
bio_clone_blkg_association") changed bio_clone_blkg_association() to
just clone bio->bi_blkg reference from source to destination bio. This
is however wrong if the source and destination bios are against
different block devices because struct blkcg_gq is different for each
bdev-blkcg pair. This will result in IOs being accounted (and throttled
as a result) multiple times against the same device (src bdev) while
throttling of the other device (dst bdev) is ignored. In case of BFQ the
inconsistency can even result in crashes in bfq_bic_update_cgroup().
Fix the problem by looking up correct blkcg_gq for the cloned bio.
Reported-by: Logan Gunthorpe <logang@deltatee.com>
Reported-and-tested-by: Donald Buczek <buczek@molgen.mpg.de>
Fixes: d92c370a16cb ("block: really clone the block cgroup in bio_clone_blkg_association")
CC: stable@vger.kernel.org
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220602081242.7731-1-jack@suse.cz
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
block/blk-cgroup.c | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
--- a/block/blk-cgroup.c
+++ b/block/blk-cgroup.c
@@ -1892,12 +1892,8 @@ EXPORT_SYMBOL_GPL(bio_associate_blkg);
*/
void bio_clone_blkg_association(struct bio *dst, struct bio *src)
{
- if (src->bi_blkg) {
- if (dst->bi_blkg)
- blkg_put(dst->bi_blkg);
- blkg_get(src->bi_blkg);
- dst->bi_blkg = src->bi_blkg;
- }
+ if (src->bi_blkg)
+ bio_associate_blkg_from_css(dst, &bio_blkcg(src)->css);
}
EXPORT_SYMBOL_GPL(bio_clone_blkg_association);
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 447/452] Revert "random: use static branch for crng_ready()"
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (445 preceding siblings ...)
2022-06-07 17:05 ` [PATCH 5.10 446/452] block: fix bio_clone_blkg_association() to associate with proper blkcg_gq Greg Kroah-Hartman
@ 2022-06-07 17:05 ` Greg Kroah-Hartman
2022-06-07 17:05 ` [PATCH 5.10 448/452] RDMA/rxe: Generate a completion for unsupported/invalid opcode Greg Kroah-Hartman
` (10 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:05 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jason A. Donenfeld
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
This reverts upstream commit f5bda35fba615ace70a656d4700423fa6c9bebee
from stable. It's not essential and will take some time during 5.19 to
work out properly.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
drivers/char/random.c | 12 ++----------
1 file changed, 2 insertions(+), 10 deletions(-)
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -79,8 +79,7 @@ static enum {
CRNG_EARLY = 1, /* At least POOL_EARLY_BITS collected */
CRNG_READY = 2 /* Fully initialized with POOL_READY_BITS collected */
} crng_init __read_mostly = CRNG_EMPTY;
-static DEFINE_STATIC_KEY_FALSE(crng_is_ready);
-#define crng_ready() (static_branch_likely(&crng_is_ready) || crng_init >= CRNG_READY)
+#define crng_ready() (likely(crng_init >= CRNG_READY))
/* Various types of waiters for crng_init->CRNG_READY transition. */
static DECLARE_WAIT_QUEUE_HEAD(crng_init_wait);
static struct fasync_struct *fasync;
@@ -110,11 +109,6 @@ bool rng_is_initialized(void)
}
EXPORT_SYMBOL(rng_is_initialized);
-static void __cold crng_set_ready(struct work_struct *work)
-{
- static_branch_enable(&crng_is_ready);
-}
-
/* Used by wait_for_random_bytes(), and considered an entropy collector, below. */
static void try_to_generate_entropy(void);
@@ -268,7 +262,7 @@ static void crng_reseed(void)
++next_gen;
WRITE_ONCE(base_crng.generation, next_gen);
WRITE_ONCE(base_crng.birth, jiffies);
- if (!static_branch_likely(&crng_is_ready))
+ if (!crng_ready())
crng_init = CRNG_READY;
spin_unlock_irqrestore(&base_crng.lock, flags);
memzero_explicit(key, sizeof(key));
@@ -711,7 +705,6 @@ static void extract_entropy(void *buf, s
static void __cold _credit_init_bits(size_t bits)
{
- static struct execute_work set_ready;
unsigned int new, orig, add;
unsigned long flags;
@@ -727,7 +720,6 @@ static void __cold _credit_init_bits(siz
if (orig < POOL_READY_BITS && new >= POOL_READY_BITS) {
crng_reseed(); /* Sets crng_init to CRNG_READY under base_crng.lock. */
- execute_in_process_context(crng_set_ready, &set_ready);
process_random_ready_list();
wake_up_interruptible(&crng_init_wait);
kill_fasync(&fasync, SIGIO, POLL_IN);
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 448/452] RDMA/rxe: Generate a completion for unsupported/invalid opcode
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (446 preceding siblings ...)
2022-06-07 17:05 ` [PATCH 5.10 447/452] Revert "random: use static branch for crng_ready()" Greg Kroah-Hartman
@ 2022-06-07 17:05 ` Greg Kroah-Hartman
2022-06-07 17:05 ` [PATCH 5.10 449/452] MIPS: IP27: Remove incorrect `cpu_has_fpu override Greg Kroah-Hartman
` (9 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:05 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Xiao Yang, Jason Gunthorpe
From: Xiao Yang <yangx.jy@fujitsu.com>
commit 2f917af777011c88e977b9b9a5d00b280d3a59ce upstream.
Current rxe_requester() doesn't generate a completion when processing an
unsupported/invalid opcode. If rxe driver doesn't support a new opcode
(e.g. RDMA Atomic Write) and RDMA library supports it, an application
using the new opcode can reproduce this issue. Fix the issue by calling
"goto err;".
Fixes: 8700e3e7c485 ("Soft RoCE driver")
Link: https://lore.kernel.org/r/20220410113513.27537-1-yangx.jy@fujitsu.com
Signed-off-by: Xiao Yang <yangx.jy@fujitsu.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/sw/rxe/rxe_req.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/infiniband/sw/rxe/rxe_req.c
+++ b/drivers/infiniband/sw/rxe/rxe_req.c
@@ -650,7 +650,7 @@ next_wqe:
opcode = next_opcode(qp, wqe, wqe->wr.opcode);
if (unlikely(opcode < 0)) {
wqe->status = IB_WC_LOC_QP_OP_ERR;
- goto exit;
+ goto err;
}
mask = rxe_opcode[opcode].mask;
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 449/452] MIPS: IP27: Remove incorrect `cpu_has_fpu override
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (447 preceding siblings ...)
2022-06-07 17:05 ` [PATCH 5.10 448/452] RDMA/rxe: Generate a completion for unsupported/invalid opcode Greg Kroah-Hartman
@ 2022-06-07 17:05 ` Greg Kroah-Hartman
2022-06-07 17:05 ` [PATCH 5.10 450/452] MIPS: IP30: " Greg Kroah-Hartman
` (8 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maciej W. Rozycki, Stephen Zhang,
Thomas Bogendoerfer
From: Maciej W. Rozycki <macro@orcam.me.uk>
commit 424c3781dd1cb401857585331eaaa425a13f2429 upstream.
Remove unsupported forcing of `cpu_has_fpu' to 1, which makes the `nofpu'
kernel parameter non-functional, and also causes a link error:
ld: arch/mips/kernel/traps.o: in function `trap_init':
./arch/mips/include/asm/msa.h:(.init.text+0x348): undefined reference to `handle_fpe'
ld: ./arch/mips/include/asm/msa.h:(.init.text+0x354): undefined reference to `handle_fpe'
ld: ./arch/mips/include/asm/msa.h:(.init.text+0x360): undefined reference to `handle_fpe'
where the CONFIG_MIPS_FP_SUPPORT configuration option has been disabled.
Signed-off-by: Maciej W. Rozycki <macro@orcam.me.uk>
Reported-by: Stephen Zhang <starzhangzsd@gmail.com>
Fixes: 0ebb2f4159af ("MIPS: IP27: Update/restructure CPU overrides")
Cc: stable@vger.kernel.org # v4.2+
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/mips/include/asm/mach-ip27/cpu-feature-overrides.h | 1 -
1 file changed, 1 deletion(-)
--- a/arch/mips/include/asm/mach-ip27/cpu-feature-overrides.h
+++ b/arch/mips/include/asm/mach-ip27/cpu-feature-overrides.h
@@ -26,7 +26,6 @@
#define cpu_has_3k_cache 0
#define cpu_has_4k_cache 1
#define cpu_has_tx39_cache 0
-#define cpu_has_fpu 1
#define cpu_has_nofpuex 0
#define cpu_has_32fpr 1
#define cpu_has_counter 1
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 450/452] MIPS: IP30: Remove incorrect `cpu_has_fpu override
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (448 preceding siblings ...)
2022-06-07 17:05 ` [PATCH 5.10 449/452] MIPS: IP27: Remove incorrect `cpu_has_fpu override Greg Kroah-Hartman
@ 2022-06-07 17:05 ` Greg Kroah-Hartman
2022-06-07 17:05 ` [PATCH 5.10 451/452] ext4: only allow test_dummy_encryption when supported Greg Kroah-Hartman
` (7 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maciej W. Rozycki, Stephen Zhang,
Thomas Bogendoerfer
From: Maciej W. Rozycki <macro@orcam.me.uk>
commit f44b3e74c33fe04defeff24ebcae98c3bcc5b285 upstream.
Remove unsupported forcing of `cpu_has_fpu' to 1, which makes the `nofpu'
kernel parameter non-functional, and also causes a link error:
ld: arch/mips/kernel/traps.o: in function `trap_init':
./arch/mips/include/asm/msa.h:(.init.text+0x348): undefined reference to `handle_fpe'
ld: ./arch/mips/include/asm/msa.h:(.init.text+0x354): undefined reference to `handle_fpe'
ld: ./arch/mips/include/asm/msa.h:(.init.text+0x360): undefined reference to `handle_fpe'
where the CONFIG_MIPS_FP_SUPPORT configuration option has been disabled.
Signed-off-by: Maciej W. Rozycki <macro@orcam.me.uk>
Reported-by: Stephen Zhang <starzhangzsd@gmail.com>
Fixes: 7505576d1c1a ("MIPS: add support for SGI Octane (IP30)")
Cc: stable@vger.kernel.org # v5.5+
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/mips/include/asm/mach-ip30/cpu-feature-overrides.h | 1 -
1 file changed, 1 deletion(-)
--- a/arch/mips/include/asm/mach-ip30/cpu-feature-overrides.h
+++ b/arch/mips/include/asm/mach-ip30/cpu-feature-overrides.h
@@ -29,7 +29,6 @@
#define cpu_has_3k_cache 0
#define cpu_has_4k_cache 1
#define cpu_has_tx39_cache 0
-#define cpu_has_fpu 1
#define cpu_has_nofpuex 0
#define cpu_has_32fpr 1
#define cpu_has_counter 1
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 451/452] ext4: only allow test_dummy_encryption when supported
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (449 preceding siblings ...)
2022-06-07 17:05 ` [PATCH 5.10 450/452] MIPS: IP30: " Greg Kroah-Hartman
@ 2022-06-07 17:05 ` Greg Kroah-Hartman
2022-06-07 17:05 ` [PATCH 5.10 452/452] md: bcache: check the return value of kzalloc() in detached_dev_do_request() Greg Kroah-Hartman
` (6 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Biggers,
Gabriel Krisman Bertazi, Theodore Tso
From: Eric Biggers <ebiggers@google.com>
commit 5f41fdaea63ddf96d921ab36b2af4a90ccdb5744 upstream.
Make the test_dummy_encryption mount option require that the encrypt
feature flag be already enabled on the filesystem, rather than
automatically enabling it. Practically, this means that "-O encrypt"
will need to be included in MKFS_OPTIONS when running xfstests with the
test_dummy_encryption mount option. (ext4/053 also needs an update.)
Moreover, as long as the preconditions for test_dummy_encryption are
being tightened anyway, take the opportunity to start rejecting it when
!CONFIG_FS_ENCRYPTION rather than ignoring it.
The motivation for requiring the encrypt feature flag is that:
- Having the filesystem auto-enable feature flags is problematic, as it
bypasses the usual sanity checks. The specific issue which came up
recently is that in kernel versions where ext4 supports casefold but
not encrypt+casefold (v5.1 through v5.10), the kernel will happily add
the encrypt flag to a filesystem that has the casefold flag, making it
unmountable -- but only for subsequent mounts, not the initial one.
This confused the casefold support detection in xfstests, causing
generic/556 to fail rather than be skipped.
- The xfstests-bld test runners (kvm-xfstests et al.) already use the
required mkfs flag, so they will not be affected by this change. Only
users of test_dummy_encryption alone will be affected. But, this
option has always been for testing only, so it should be fine to
require that the few users of this option update their test scripts.
- f2fs already requires it (for its equivalent feature flag).
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Gabriel Krisman Bertazi <krisman@collabora.com>
Link: https://lore.kernel.org/r/20220519204437.61645-1-ebiggers@kernel.org
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/ext4.h | 6 ------
fs/ext4/super.c | 18 ++++++++++--------
2 files changed, 10 insertions(+), 14 deletions(-)
--- a/fs/ext4/ext4.h
+++ b/fs/ext4/ext4.h
@@ -1419,12 +1419,6 @@ struct ext4_super_block {
#ifdef __KERNEL__
-#ifdef CONFIG_FS_ENCRYPTION
-#define DUMMY_ENCRYPTION_ENABLED(sbi) ((sbi)->s_dummy_enc_policy.policy != NULL)
-#else
-#define DUMMY_ENCRYPTION_ENABLED(sbi) (0)
-#endif
-
/* Number of quota types we support */
#define EXT4_MAXQUOTAS 3
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -2084,6 +2084,12 @@ static int ext4_set_test_dummy_encryptio
struct ext4_sb_info *sbi = EXT4_SB(sb);
int err;
+ if (!ext4_has_feature_encrypt(sb)) {
+ ext4_msg(sb, KERN_WARNING,
+ "test_dummy_encryption requires encrypt feature");
+ return -1;
+ }
+
/*
* This mount option is just for testing, and it's not worthwhile to
* implement the extra complexity (e.g. RCU protection) that would be
@@ -2111,11 +2117,13 @@ static int ext4_set_test_dummy_encryptio
return -1;
}
ext4_msg(sb, KERN_WARNING, "Test dummy encryption mode enabled");
+ return 1;
#else
ext4_msg(sb, KERN_WARNING,
- "Test dummy encryption mount option ignored");
+ "test_dummy_encryption option not supported");
+ return -1;
+
#endif
- return 1;
}
static int handle_mount_opt(struct super_block *sb, char *opt, int token,
@@ -4929,12 +4937,6 @@ no_journal:
goto failed_mount_wq;
}
- if (DUMMY_ENCRYPTION_ENABLED(sbi) && !sb_rdonly(sb) &&
- !ext4_has_feature_encrypt(sb)) {
- ext4_set_feature_encrypt(sb);
- ext4_commit_super(sb, 1);
- }
-
/*
* Get the # of file system overhead blocks from the
* superblock if present.
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH 5.10 452/452] md: bcache: check the return value of kzalloc() in detached_dev_do_request()
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (450 preceding siblings ...)
2022-06-07 17:05 ` [PATCH 5.10 451/452] ext4: only allow test_dummy_encryption when supported Greg Kroah-Hartman
@ 2022-06-07 17:05 ` Greg Kroah-Hartman
2022-06-07 19:39 ` [PATCH 5.10 000/452] 5.10.121-rc1 review Pavel Machek
` (5 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-07 17:05 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, TOTE Robot, Jia-Ju Bai, Coly Li, Jens Axboe
From: Jia-Ju Bai <baijiaju1990@gmail.com>
commit 40f567bbb3b0639d2ec7d1c6ad4b1b018f80cf19 upstream.
The function kzalloc() in detached_dev_do_request() can fail, so its
return value should be checked.
Fixes: bc082a55d25c ("bcache: fix inaccurate io state for detached bcache devices")
Reported-by: TOTE Robot <oslab@tsinghua.edu.cn>
Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Signed-off-by: Coly Li <colyli@suse.de>
Link: https://lore.kernel.org/r/20220527152818.27545-4-colyli@suse.de
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/bcache/request.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/drivers/md/bcache/request.c
+++ b/drivers/md/bcache/request.c
@@ -1109,6 +1109,12 @@ static void detached_dev_do_request(stru
* which would call closure_get(&dc->disk.cl)
*/
ddip = kzalloc(sizeof(struct detached_dev_io_private), GFP_NOIO);
+ if (!ddip) {
+ bio->bi_status = BLK_STS_RESOURCE;
+ bio->bi_end_io(bio);
+ return;
+ }
+
ddip->d = d;
/* Count on the bcache device */
ddip->start_time = part_start_io_acct(d->disk, &ddip->part, bio);
^ permalink raw reply [flat|nested] 474+ messages in thread
* Re: [PATCH 5.10 001/452] arm64: Initialize jump labels before setup_machine_fdt()
2022-06-07 16:57 ` [PATCH 5.10 001/452] arm64: Initialize jump labels before setup_machine_fdt() Greg Kroah-Hartman
@ 2022-06-07 17:28 ` Catalin Marinas
2022-06-08 6:55 ` Ard Biesheuvel
0 siblings, 1 reply; 474+ messages in thread
From: Catalin Marinas @ 2022-06-07 17:28 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, stable, Hsin-Yi Wang, Douglas Anderson,
Ard Biesheuvel, Steven Rostedt, Jason A. Donenfeld,
Dominik Brodowski, Stephen Boyd
Hi Greg,
On Tue, Jun 07, 2022 at 06:57:38PM +0200, Greg Kroah-Hartman wrote:
> From: Stephen Boyd <swboyd@chromium.org>
>
> commit 73e2d827a501d48dceeb5b9b267a4cd283d6b1ae upstream.
>
> A static key warning splat appears during early boot on arm64 systems
> that credit randomness from devicetrees that contain an "rng-seed"
> property. This is because setup_machine_fdt() is called before
> jump_label_init() during setup_arch(). Let's swap the order of these two
> calls so that jump labels are initialized before the devicetree is
> unflattened and the rng seed is credited.
>
> static_key_enable_cpuslocked(): static key '0xffffffe51c6fcfc0' used before call to jump_label_init()
> WARNING: CPU: 0 PID: 0 at kernel/jump_label.c:166 static_key_enable_cpuslocked+0xb0/0xb8
> Modules linked in:
> CPU: 0 PID: 0 Comm: swapper Not tainted 5.18.0+ #224 44b43e377bfc84bc99bb5ab885ff694984ee09ff
> pstate: 600001c9 (nZCv dAIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
> pc : static_key_enable_cpuslocked+0xb0/0xb8
> lr : static_key_enable_cpuslocked+0xb0/0xb8
> sp : ffffffe51c393cf0
> x29: ffffffe51c393cf0 x28: 000000008185054c x27: 00000000f1042f10
> x26: 0000000000000000 x25: 00000000f10302b2 x24: 0000002513200000
> x23: 0000002513200000 x22: ffffffe51c1c9000 x21: fffffffdfdc00000
> x20: ffffffe51c2f0831 x19: ffffffe51c6fcfc0 x18: 00000000ffff1020
> x17: 00000000e1e2ac90 x16: 00000000000000e0 x15: ffffffe51b710708
> x14: 0000000000000066 x13: 0000000000000018 x12: 0000000000000000
> x11: 0000000000000000 x10: 00000000ffffffff x9 : 0000000000000000
> x8 : 0000000000000000 x7 : 61632065726f6665 x6 : 6220646573752027
> x5 : ffffffe51c641d25 x4 : ffffffe51c13142c x3 : ffff0a00ffffff05
> x2 : 40000000ffffe003 x1 : 00000000000001c0 x0 : 0000000000000065
> Call trace:
> static_key_enable_cpuslocked+0xb0/0xb8
> static_key_enable+0x2c/0x40
> crng_set_ready+0x24/0x30
> execute_in_process_context+0x80/0x90
> _credit_init_bits+0x100/0x154
> add_bootloader_randomness+0x64/0x78
> early_init_dt_scan_chosen+0x140/0x184
> early_init_dt_scan_nodes+0x28/0x4c
> early_init_dt_scan+0x40/0x44
> setup_machine_fdt+0x7c/0x120
> setup_arch+0x74/0x1d8
> start_kernel+0x84/0x44c
> __primary_switched+0xc0/0xc8
> ---[ end trace 0000000000000000 ]---
> random: crng init done
> Machine model: Google Lazor (rev1 - 2) with LTE
>
> Cc: Hsin-Yi Wang <hsinyi@chromium.org>
> Cc: Douglas Anderson <dianders@chromium.org>
> Cc: Ard Biesheuvel <ardb@kernel.org>
> Cc: Steven Rostedt <rostedt@goodmis.org>
> Cc: Jason A. Donenfeld <Jason@zx2c4.com>
> Cc: Dominik Brodowski <linux@dominikbrodowski.net>
> Fixes: f5bda35fba61 ("random: use static branch for crng_ready()")
> Signed-off-by: Stephen Boyd <swboyd@chromium.org>
> Reviewed-by: Jason A. Donenfeld <Jason@zx2c4.com>
> Link: https://lore.kernel.org/r/20220602022109.780348-1-swboyd@chromium.org
> Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Since Jason asked for the fixed commit (f5bda35fba61) to be reverted in
stable, please don't push this arm64 patch either. Given the risks of
breakage as on arm32 (it doesn't look like but you never know), I'm
tempted to revert it from mainline as well if Jason finds a better
solution for the early crng_reseed() call.
Thanks.
--
Catalin
^ permalink raw reply [flat|nested] 474+ messages in thread
* RE: [PATCH 5.10 065/452] drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo
2022-06-07 16:58 ` [PATCH 5.10 065/452] drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo Greg Kroah-Hartman
@ 2022-06-07 17:33 ` Deucher, Alexander
2022-06-07 17:46 ` Deucher, Alexander
0 siblings, 1 reply; 474+ messages in thread
From: Deucher, Alexander @ 2022-06-07 17:33 UTC (permalink / raw)
To: Greg Kroah-Hartman, linux-kernel; +Cc: stable, Wong, Alice, Sasha Levin
[Public]
> -----Original Message-----
> From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> Sent: Tuesday, June 7, 2022 12:59 PM
> To: linux-kernel@vger.kernel.org
> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>;
> stable@vger.kernel.org; Wong, Alice <Shiwei.Wong@amd.com>; Deucher,
> Alexander <Alexander.Deucher@amd.com>; Sasha Levin
> <sashal@kernel.org>
> Subject: [PATCH 5.10 065/452] drm/amdgpu/ucode: Remove firmware load
> type check in amdgpu_ucode_free_bo
>
> From: Alice Wong <shiwei.wong@amd.com>
>
> [ Upstream commit ab0cd4a9ae5b4679b714d8dbfedc0901fecdce9f ]
>
> When psp_hw_init failed, it will set the load_type to
> AMDGPU_FW_LOAD_DIRECT.
> During amdgpu_device_ip_fini, amdgpu_ucode_free_bo checks that
> load_type is AMDGPU_FW_LOAD_DIRECT and skips deallocating fw_buf
> causing memory leak.
> Remove load_type check in amdgpu_ucode_free_bo.
>
> Signed-off-by: Alice Wong <shiwei.wong@amd.com>
> Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
> Signed-off-by: Sasha Levin <sashal@kernel.org>
I don't think this patch is relevant for kernels older than 5.19. I shouldn't hurt anything however.
Alex
> ---
> drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c
> b/drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c
> index b313ce4c3e97..30005ed8156f 100644
> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c
> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c
> @@ -625,8 +625,7 @@ int amdgpu_ucode_create_bo(struct amdgpu_device
> *adev)
>
> void amdgpu_ucode_free_bo(struct amdgpu_device *adev) {
> - if (adev->firmware.load_type != AMDGPU_FW_LOAD_DIRECT)
> - amdgpu_bo_free_kernel(&adev->firmware.fw_buf,
> + amdgpu_bo_free_kernel(&adev->firmware.fw_buf,
> &adev->firmware.fw_buf_mc,
> &adev->firmware.fw_buf_ptr);
> }
> --
> 2.35.1
>
>
^ permalink raw reply [flat|nested] 474+ messages in thread
* RE: [PATCH 5.10 065/452] drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo
2022-06-07 17:33 ` Deucher, Alexander
@ 2022-06-07 17:46 ` Deucher, Alexander
0 siblings, 0 replies; 474+ messages in thread
From: Deucher, Alexander @ 2022-06-07 17:46 UTC (permalink / raw)
To: Greg Kroah-Hartman, linux-kernel; +Cc: stable, Wong, Alice, Sasha Levin
[Public]
> -----Original Message-----
> From: Deucher, Alexander
> Sent: Tuesday, June 7, 2022 1:33 PM
> To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>; linux-
> kernel@vger.kernel.org
> Cc: stable@vger.kernel.org; Wong, Alice <Shiwei.Wong@amd.com>; Sasha
> Levin <sashal@kernel.org>
> Subject: RE: [PATCH 5.10 065/452] drm/amdgpu/ucode: Remove firmware
> load type check in amdgpu_ucode_free_bo
>
> [Public]
>
> > -----Original Message-----
> > From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> > Sent: Tuesday, June 7, 2022 12:59 PM
> > To: linux-kernel@vger.kernel.org
> > Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>;
> > stable@vger.kernel.org; Wong, Alice <Shiwei.Wong@amd.com>; Deucher,
> > Alexander <Alexander.Deucher@amd.com>; Sasha Levin
> <sashal@kernel.org>
> > Subject: [PATCH 5.10 065/452] drm/amdgpu/ucode: Remove firmware load
> > type check in amdgpu_ucode_free_bo
> >
> > From: Alice Wong <shiwei.wong@amd.com>
> >
> > [ Upstream commit ab0cd4a9ae5b4679b714d8dbfedc0901fecdce9f ]
> >
> > When psp_hw_init failed, it will set the load_type to
> > AMDGPU_FW_LOAD_DIRECT.
> > During amdgpu_device_ip_fini, amdgpu_ucode_free_bo checks that
> > load_type is AMDGPU_FW_LOAD_DIRECT and skips deallocating fw_buf
> > causing memory leak.
> > Remove load_type check in amdgpu_ucode_free_bo.
> >
> > Signed-off-by: Alice Wong <shiwei.wong@amd.com>
> > Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
> > Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
> > Signed-off-by: Sasha Levin <sashal@kernel.org>
>
>
> I don't think this patch is relevant for kernels older than 5.19. I shouldn't hurt
> anything however.
Nevermind, I see that Sasha backported the entire series that this patch depends on.
Alex
>
> Alex
>
> > ---
> > drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c | 3 +--
> > 1 file changed, 1 insertion(+), 2 deletions(-)
> >
> > diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c
> > b/drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c
> > index b313ce4c3e97..30005ed8156f 100644
> > --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c
> > +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c
> > @@ -625,8 +625,7 @@ int amdgpu_ucode_create_bo(struct
> amdgpu_device
> > *adev)
> >
> > void amdgpu_ucode_free_bo(struct amdgpu_device *adev) {
> > - if (adev->firmware.load_type != AMDGPU_FW_LOAD_DIRECT)
> > - amdgpu_bo_free_kernel(&adev->firmware.fw_buf,
> > + amdgpu_bo_free_kernel(&adev->firmware.fw_buf,
> > &adev->firmware.fw_buf_mc,
> > &adev->firmware.fw_buf_ptr);
> > }
> > --
> > 2.35.1
> >
> >
^ permalink raw reply [flat|nested] 474+ messages in thread
* Re: [PATCH 5.10 000/452] 5.10.121-rc1 review
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (451 preceding siblings ...)
2022-06-07 17:05 ` [PATCH 5.10 452/452] md: bcache: check the return value of kzalloc() in detached_dev_do_request() Greg Kroah-Hartman
@ 2022-06-07 19:39 ` Pavel Machek
2022-06-08 1:29 ` Shuah Khan
` (4 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Pavel Machek @ 2022-06-07 19:39 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, stable, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee,
slade
[-- Attachment #1: Type: text/plain, Size: 662 bytes --]
Hi!
> This is the start of the stable review cycle for the 5.10.121 release.
> There are 452 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
CIP testing did not find any problems here:
https://gitlab.com/cip-project/cip-testing/linux-stable-rc-ci/-/tree/linux-5.10.y
Tested-by: Pavel Machek (CIP) <pavel@denx.de>
Best regards,
Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]
^ permalink raw reply [flat|nested] 474+ messages in thread
* Re: [PATCH 5.10 000/452] 5.10.121-rc1 review
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (452 preceding siblings ...)
2022-06-07 19:39 ` [PATCH 5.10 000/452] 5.10.121-rc1 review Pavel Machek
@ 2022-06-08 1:29 ` Shuah Khan
2022-06-08 10:11 ` Sudip Mukherjee
` (3 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Shuah Khan @ 2022-06-08 1:29 UTC (permalink / raw)
To: Greg Kroah-Hartman, linux-kernel
Cc: stable, torvalds, akpm, linux, shuah, patches, lkft-triage,
pavel, jonathanh, f.fainelli, sudipm.mukherjee, slade,
Shuah Khan
On 6/7/22 10:57 AM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.10.121 release.
> There are 452 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Thu, 09 Jun 2022 16:48:02 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.121-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>
Compiled and booted on my test system. No dmesg regressions.
Tested-by: Shuah Khan <skhan@linuxfoundation.org>
thanks,
-- Shuah
^ permalink raw reply [flat|nested] 474+ messages in thread
* Re: [PATCH 5.10 001/452] arm64: Initialize jump labels before setup_machine_fdt()
2022-06-07 17:28 ` Catalin Marinas
@ 2022-06-08 6:55 ` Ard Biesheuvel
2022-06-08 7:26 ` Jason A. Donenfeld
0 siblings, 1 reply; 474+ messages in thread
From: Ard Biesheuvel @ 2022-06-08 6:55 UTC (permalink / raw)
To: Catalin Marinas
Cc: Greg Kroah-Hartman, Linux Kernel Mailing List, # 3.4.x,
Hsin-Yi Wang, Douglas Anderson, Steven Rostedt,
Jason A. Donenfeld, Dominik Brodowski, Stephen Boyd
On Tue, 7 Jun 2022 at 19:28, Catalin Marinas <catalin.marinas@arm.com> wrote:
>
> Hi Greg,
>
> On Tue, Jun 07, 2022 at 06:57:38PM +0200, Greg Kroah-Hartman wrote:
> > From: Stephen Boyd <swboyd@chromium.org>
> >
> > commit 73e2d827a501d48dceeb5b9b267a4cd283d6b1ae upstream.
> >
> > A static key warning splat appears during early boot on arm64 systems
> > that credit randomness from devicetrees that contain an "rng-seed"
> > property. This is because setup_machine_fdt() is called before
> > jump_label_init() during setup_arch(). Let's swap the order of these two
> > calls so that jump labels are initialized before the devicetree is
> > unflattened and the rng seed is credited.
> >
> > static_key_enable_cpuslocked(): static key '0xffffffe51c6fcfc0' used before call to jump_label_init()
> > WARNING: CPU: 0 PID: 0 at kernel/jump_label.c:166 static_key_enable_cpuslocked+0xb0/0xb8
> > Modules linked in:
> > CPU: 0 PID: 0 Comm: swapper Not tainted 5.18.0+ #224 44b43e377bfc84bc99bb5ab885ff694984ee09ff
> > pstate: 600001c9 (nZCv dAIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
> > pc : static_key_enable_cpuslocked+0xb0/0xb8
> > lr : static_key_enable_cpuslocked+0xb0/0xb8
> > sp : ffffffe51c393cf0
> > x29: ffffffe51c393cf0 x28: 000000008185054c x27: 00000000f1042f10
> > x26: 0000000000000000 x25: 00000000f10302b2 x24: 0000002513200000
> > x23: 0000002513200000 x22: ffffffe51c1c9000 x21: fffffffdfdc00000
> > x20: ffffffe51c2f0831 x19: ffffffe51c6fcfc0 x18: 00000000ffff1020
> > x17: 00000000e1e2ac90 x16: 00000000000000e0 x15: ffffffe51b710708
> > x14: 0000000000000066 x13: 0000000000000018 x12: 0000000000000000
> > x11: 0000000000000000 x10: 00000000ffffffff x9 : 0000000000000000
> > x8 : 0000000000000000 x7 : 61632065726f6665 x6 : 6220646573752027
> > x5 : ffffffe51c641d25 x4 : ffffffe51c13142c x3 : ffff0a00ffffff05
> > x2 : 40000000ffffe003 x1 : 00000000000001c0 x0 : 0000000000000065
> > Call trace:
> > static_key_enable_cpuslocked+0xb0/0xb8
> > static_key_enable+0x2c/0x40
> > crng_set_ready+0x24/0x30
> > execute_in_process_context+0x80/0x90
> > _credit_init_bits+0x100/0x154
> > add_bootloader_randomness+0x64/0x78
> > early_init_dt_scan_chosen+0x140/0x184
> > early_init_dt_scan_nodes+0x28/0x4c
> > early_init_dt_scan+0x40/0x44
> > setup_machine_fdt+0x7c/0x120
> > setup_arch+0x74/0x1d8
> > start_kernel+0x84/0x44c
> > __primary_switched+0xc0/0xc8
> > ---[ end trace 0000000000000000 ]---
> > random: crng init done
> > Machine model: Google Lazor (rev1 - 2) with LTE
> >
> > Cc: Hsin-Yi Wang <hsinyi@chromium.org>
> > Cc: Douglas Anderson <dianders@chromium.org>
> > Cc: Ard Biesheuvel <ardb@kernel.org>
> > Cc: Steven Rostedt <rostedt@goodmis.org>
> > Cc: Jason A. Donenfeld <Jason@zx2c4.com>
> > Cc: Dominik Brodowski <linux@dominikbrodowski.net>
> > Fixes: f5bda35fba61 ("random: use static branch for crng_ready()")
> > Signed-off-by: Stephen Boyd <swboyd@chromium.org>
> > Reviewed-by: Jason A. Donenfeld <Jason@zx2c4.com>
> > Link: https://lore.kernel.org/r/20220602022109.780348-1-swboyd@chromium.org
> > Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
> > Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
> > Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
>
> Since Jason asked for the fixed commit (f5bda35fba61) to be reverted in
> stable, please don't push this arm64 patch either. Given the risks of
> breakage as on arm32 (it doesn't look like but you never know), I'm
> tempted to revert it from mainline as well if Jason finds a better
> solution for the early crng_reseed() call.
>
So as I understand it, there are basically three options:
0. don't use a static branch in the RNG code
1. use a static branch but don't patch it extremely early
2. fix all the arch code so that it is safe to patch static branches
extremely early.
We have been digging into the ARM code yesterday, and identified that
RISC-V needs to be fixed as well. In fact, every arch that calls
early_init_dt_scan() from setup_arch() will need to be vetted to
ensure that jump label patching is possible this early.
Jason already proposed an implementation of 1) here
https://lore.kernel.org/lkml/20220607100210.683136-1-Jason@zx2c4.com/
which seems to me to be the most suitable approach by far, given that
it removes the need to fiddle with very early boot code on many
different architectures. That would also allow the arm64 of /this/
patch to be reverted from mainline.
^ permalink raw reply [flat|nested] 474+ messages in thread
* Re: [PATCH 5.10 001/452] arm64: Initialize jump labels before setup_machine_fdt()
2022-06-08 6:55 ` Ard Biesheuvel
@ 2022-06-08 7:26 ` Jason A. Donenfeld
0 siblings, 0 replies; 474+ messages in thread
From: Jason A. Donenfeld @ 2022-06-08 7:26 UTC (permalink / raw)
To: Ard Biesheuvel
Cc: Catalin Marinas, Greg Kroah-Hartman, Linux Kernel Mailing List,
# 3.4.x, Hsin-Yi Wang, Douglas Anderson, Steven Rostedt,
Dominik Brodowski, Stephen Boyd
Hi Ard,
This thread here is about stable review. Catalin mentioned to Greg
that the arm64 patch isn't required any more. I also mentioned the
same to Greg yesterday when it was in queue. Either way, what happens
in 5.19 no longer has any effect on stable any more, since it's been
reverted in stable. Therefore, I kindly ask you not to start yet
*another* thread about the same topic we've been discussing over the
last day. There are already 7 discussions about exactly the same
thing; no need to make another. Let's resume working on this all
today.
Jason
^ permalink raw reply [flat|nested] 474+ messages in thread
* Re: [PATCH 5.10 000/452] 5.10.121-rc1 review
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (453 preceding siblings ...)
2022-06-08 1:29 ` Shuah Khan
@ 2022-06-08 10:11 ` Sudip Mukherjee
2022-06-08 13:29 ` Fox Chen
` (2 subsequent siblings)
457 siblings, 0 replies; 474+ messages in thread
From: Sudip Mukherjee @ 2022-06-08 10:11 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, stable, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, slade
Hi Greg,
On Tue, Jun 07, 2022 at 06:57:37PM +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.10.121 release.
> There are 452 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Thu, 09 Jun 2022 16:48:02 +0000.
> Anything received after that time might be too late.
Build test (gcc version 11.3.1 20220606):
mips: 63 configs -> no failure
arm: 104 configs -> no failure
arm64: 3 configs -> no failure
x86_64: 4 configs -> no failure
alpha allmodconfig -> no failure
riscv allmodconfig -> no failure
s390 allmodconfig -> no failure
xtensa allmodconfig -> no failure
Boot test:
x86_64: Booted on my test laptop. No regression.
x86_64: Booted on qemu. No regression. [1]
arm64: Booted on rpi4b (4GB model). No regression. [2]
[1]. https://openqa.qa.codethink.co.uk/tests/1288
[2]. https://openqa.qa.codethink.co.uk/tests/1292
Tested-by: Sudip Mukherjee <sudip.mukherjee@codethink.co.uk>
--
Regards
Sudip
^ permalink raw reply [flat|nested] 474+ messages in thread
* Re: [PATCH 5.10 011/452] usb: dwc3: gadget: Move null pinter check to proper place
2022-06-07 16:57 ` [PATCH 5.10 011/452] usb: dwc3: gadget: Move null pinter check to proper place Greg Kroah-Hartman
@ 2022-06-08 11:33 ` Pavel Machek
0 siblings, 0 replies; 474+ messages in thread
From: Pavel Machek @ 2022-06-08 11:33 UTC (permalink / raw)
To: Greg Kroah-Hartman; +Cc: linux-kernel, stable, stable, Albert Wang
[-- Attachment #1: Type: text/plain, Size: 1365 bytes --]
Hi!
> commit 3c5880745b4439ac64eccdb040e37fc1cc4c5406 upstream.
>
> When dwc3_gadget_ep_cleanup_completed_requests() called to
> dwc3_gadget_giveback() where the dwc3 lock is released, other thread is
> able to execute. In this situation, usb_ep_disable() gets the chance to
> clear endpoint descriptor pointer which leds to the null pointer
> dereference problem. So needs to move the null pointer check to a proper
> place.
Ok, but could someone check the error handling there? There's some
cleanup at the out label, but moved code does not jump there.
Best regards,
Pavel
> +++ b/drivers/usb/dwc3/gadget.c
> @@ -2960,14 +2960,14 @@ static bool dwc3_gadget_endpoint_trbs_co
> struct dwc3 *dwc = dep->dwc;
> bool no_started_trb = true;
>
> - if (!dep->endpoint.desc)
> - return no_started_trb;
> -
> dwc3_gadget_ep_cleanup_completed_requests(dep, event, status);
>
> if (dep->flags & DWC3_EP_END_TRANSFER_PENDING)
> goto out;
>
> + if (!dep->endpoint.desc)
> + return no_started_trb;
> +
> if (usb_endpoint_xfer_isoc(dep->endpoint.desc) &&
> list_empty(&dep->started_list) &&
> (list_empty(&dep->pending_list) || status == -EXDEV))
>
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]
^ permalink raw reply [flat|nested] 474+ messages in thread
* Re: [PATCH 5.10 026/452] selftests/bpf: Fix vfs_link kprobe definition
2022-06-07 16:58 ` [PATCH 5.10 026/452] selftests/bpf: Fix vfs_link kprobe definition Greg Kroah-Hartman
@ 2022-06-08 11:38 ` Pavel Machek
2022-06-08 11:59 ` Greg Kroah-Hartman
0 siblings, 1 reply; 474+ messages in thread
From: Pavel Machek @ 2022-06-08 11:38 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, stable, Nikolay Borisov, Andrii Nakryiko, Sasha Levin
[-- Attachment #1: Type: text/plain, Size: 1562 bytes --]
Hi!
> [ Upstream commit e299bcd4d16ff86f46c48df1062c8aae0eca1ed8 ]
>
> Since commit 6521f8917082 ("namei: prepare for idmapped mounts")
> vfs_link's prototype was changed, the kprobe definition in
> profiler selftest in turn wasn't updated. The result is that all
> argument after the first are now stored in different registers. This
> means that self-test has been broken ever since. Fix it by updating the
> kprobe definition accordingly.
I don't see 6521f8917082 ("namei: prepare for idmapped mounts") in
5.10-stable tree. In 5.10, we still have:
include/linux/fs.h:extern int vfs_link(struct dentry *, struct inode *, struct dentry *, struct inode **);
I believe that means we should not have this one, either.
Best regards,
Pavel
> +++ b/tools/testing/selftests/bpf/progs/profiler.inc.h
> @@ -826,8 +826,9 @@ int kprobe_ret__do_filp_open(struct pt_regs* ctx)
>
> SEC("kprobe/vfs_link")
> int BPF_KPROBE(kprobe__vfs_link,
> - struct dentry* old_dentry, struct inode* dir,
> - struct dentry* new_dentry, struct inode** delegated_inode)
> + struct dentry* old_dentry, struct user_namespace *mnt_userns,
> + struct inode* dir, struct dentry* new_dentry,
> + struct inode** delegated_inode)
> {
> struct bpf_func_stats_ctx stats_ctx;
> bpf_stats_enter(&stats_ctx, profiler_bpf_vfs_link);
> --
> 2.35.1
>
>
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]
^ permalink raw reply [flat|nested] 474+ messages in thread
* Re: [PATCH 5.10 136/452] bpf: Fix excessive memory allocation in stack_map_alloc()
2022-06-07 16:59 ` [PATCH 5.10 136/452] bpf: Fix excessive memory allocation in stack_map_alloc() Greg Kroah-Hartman
@ 2022-06-08 11:40 ` Pavel Machek
2022-06-08 14:25 ` [PATCH] " Yuntao Wang
0 siblings, 1 reply; 474+ messages in thread
From: Pavel Machek @ 2022-06-08 11:40 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, stable, Yuntao Wang, Daniel Borkmann, Sasha Levin
[-- Attachment #1: Type: text/plain, Size: 1538 bytes --]
Hi!
> The 'n_buckets * (value_size + sizeof(struct stack_map_bucket))' part of the
> allocated memory for 'smap' is never used after the memlock accounting was
> removed, thus get rid of it.
>
> [ Note, Daniel:
>
> Commit b936ca643ade ("bpf: rework memlock-based memory accounting for maps")
> moved `cost += n_buckets * (value_size + sizeof(struct stack_map_bucket))`
> up and therefore before the bpf_map_area_alloc() allocation, sigh. In a later
> step commit c85d69135a91 ("bpf: move memory size checks to bpf_map_charge_init()"),
> and the overflow checks of `cost >= U32_MAX - PAGE_SIZE` moved into
> bpf_map_charge_init(). And then 370868107bf6 ("bpf: Eliminate rlimit-based
> memory accounting for stackmap maps") finally removed the bpf_map_charge_init().
> Anyway, the original code did the allocation same way as /after/ this fix. ]
We don't have 370868107bf6 in 5.10. Can someone verify this is still
right think to do for 5.10?
Best regards,
Pavel
> +++ b/kernel/bpf/stackmap.c
> @@ -121,7 +121,6 @@ static struct bpf_map *stack_map_alloc(union bpf_attr *attr)
> return ERR_PTR(-E2BIG);
>
> cost = n_buckets * sizeof(struct stack_map_bucket *) + sizeof(*smap);
> - cost += n_buckets * (value_size + sizeof(struct stack_map_bucket));
> err = bpf_map_charge_init(&mem, cost);
> if (err)
> return ERR_PTR(err);
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]
^ permalink raw reply [flat|nested] 474+ messages in thread
* Re: [PATCH 5.10 026/452] selftests/bpf: Fix vfs_link kprobe definition
2022-06-08 11:38 ` Pavel Machek
@ 2022-06-08 11:59 ` Greg Kroah-Hartman
0 siblings, 0 replies; 474+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-08 11:59 UTC (permalink / raw)
To: Pavel Machek
Cc: linux-kernel, stable, Nikolay Borisov, Andrii Nakryiko, Sasha Levin
On Wed, Jun 08, 2022 at 01:38:42PM +0200, Pavel Machek wrote:
> Hi!
>
> > [ Upstream commit e299bcd4d16ff86f46c48df1062c8aae0eca1ed8 ]
> >
> > Since commit 6521f8917082 ("namei: prepare for idmapped mounts")
> > vfs_link's prototype was changed, the kprobe definition in
> > profiler selftest in turn wasn't updated. The result is that all
> > argument after the first are now stored in different registers. This
> > means that self-test has been broken ever since. Fix it by updating the
> > kprobe definition accordingly.
>
> I don't see 6521f8917082 ("namei: prepare for idmapped mounts") in
> 5.10-stable tree. In 5.10, we still have:
>
> include/linux/fs.h:extern int vfs_link(struct dentry *, struct inode *, struct dentry *, struct inode **);
>
> I believe that means we should not have this one, either.
Good point, will go drop this, thanks.
greg k-h
^ permalink raw reply [flat|nested] 474+ messages in thread
* RE: [PATCH 5.10 000/452] 5.10.121-rc1 review
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (454 preceding siblings ...)
2022-06-08 10:11 ` Sudip Mukherjee
@ 2022-06-08 13:29 ` Fox Chen
2022-06-08 16:55 ` Naresh Kamboju
2022-06-08 23:50 ` Guenter Roeck
457 siblings, 0 replies; 474+ messages in thread
From: Fox Chen @ 2022-06-08 13:29 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, slade, Fox Chen
On Tue, 7 Jun 2022 18:57:37 +0200, Greg Kroah-Hartman <gregkh@linuxfoundation.org> wrote:
> This is the start of the stable review cycle for the 5.10.121 release.
> There are 452 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Thu, 09 Jun 2022 16:48:02 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.121-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>
5.10.121-rc1 Successfully Compiled and booted on my Raspberry PI 4b (8g) (bcm2711)
Tested-by: Fox Chen <foxhlchen@gmail.com>
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH] bpf: Fix excessive memory allocation in stack_map_alloc()
2022-06-08 11:40 ` Pavel Machek
@ 2022-06-08 14:25 ` Yuntao Wang
2022-06-08 15:20 ` Greg KH
0 siblings, 1 reply; 474+ messages in thread
From: Yuntao Wang @ 2022-06-08 14:25 UTC (permalink / raw)
To: pavel; +Cc: daniel, gregkh, linux-kernel, sashal, stable, ytcoode
The 'n_buckets * (value_size + sizeof(struct stack_map_bucket))' part of
the allocated memory for 'smap' is never used, get rid of it.
Fixes: b936ca643ade ("bpf: rework memlock-based memory accounting for maps")
Signed-off-by: Yuntao Wang <ytcoode@gmail.com>
Link: https://lore.kernel.org/bpf/20220407130423.798386-1-ytcoode@gmail.com
---
This is the modified version for 5.10, the original patch is:
[ Upstream commit b45043192b3e481304062938a6561da2ceea46a6 ]
It would be better if the new patch can be reviewed by someone else.
kernel/bpf/stackmap.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/kernel/bpf/stackmap.c b/kernel/bpf/stackmap.c
index 4575d2d60cb1..54fdcb78ad19 100644
--- a/kernel/bpf/stackmap.c
+++ b/kernel/bpf/stackmap.c
@@ -121,8 +121,8 @@ static struct bpf_map *stack_map_alloc(union bpf_attr *attr)
return ERR_PTR(-E2BIG);
cost = n_buckets * sizeof(struct stack_map_bucket *) + sizeof(*smap);
- cost += n_buckets * (value_size + sizeof(struct stack_map_bucket));
- err = bpf_map_charge_init(&mem, cost);
+ err = bpf_map_charge_init(&mem, cost + n_buckets *
+ (value_size + sizeof(struct stack_map_bucket)));
if (err)
return ERR_PTR(err);
--
2.36.0
^ permalink raw reply related [flat|nested] 474+ messages in thread
* Re: [PATCH] bpf: Fix excessive memory allocation in stack_map_alloc()
2022-06-08 14:25 ` [PATCH] " Yuntao Wang
@ 2022-06-08 15:20 ` Greg KH
2022-06-08 16:07 ` Yuntao Wang
0 siblings, 1 reply; 474+ messages in thread
From: Greg KH @ 2022-06-08 15:20 UTC (permalink / raw)
To: Yuntao Wang; +Cc: pavel, daniel, linux-kernel, sashal, stable
On Wed, Jun 08, 2022 at 10:25:38PM +0800, Yuntao Wang wrote:
> The 'n_buckets * (value_size + sizeof(struct stack_map_bucket))' part of
> the allocated memory for 'smap' is never used, get rid of it.
>
> Fixes: b936ca643ade ("bpf: rework memlock-based memory accounting for maps")
> Signed-off-by: Yuntao Wang <ytcoode@gmail.com>
> Link: https://lore.kernel.org/bpf/20220407130423.798386-1-ytcoode@gmail.com
> ---
> This is the modified version for 5.10, the original patch is:
>
> [ Upstream commit b45043192b3e481304062938a6561da2ceea46a6 ]
>
> It would be better if the new patch can be reviewed by someone else.
What is wrong with the version that we have queued up in the 5.10-stable
review queue right now?
>
> kernel/bpf/stackmap.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/kernel/bpf/stackmap.c b/kernel/bpf/stackmap.c
> index 4575d2d60cb1..54fdcb78ad19 100644
> --- a/kernel/bpf/stackmap.c
> +++ b/kernel/bpf/stackmap.c
> @@ -121,8 +121,8 @@ static struct bpf_map *stack_map_alloc(union bpf_attr *attr)
> return ERR_PTR(-E2BIG);
>
> cost = n_buckets * sizeof(struct stack_map_bucket *) + sizeof(*smap);
> - cost += n_buckets * (value_size + sizeof(struct stack_map_bucket));
> - err = bpf_map_charge_init(&mem, cost);
> + err = bpf_map_charge_init(&mem, cost + n_buckets *
> + (value_size + sizeof(struct stack_map_bucket)));
This differs from what we have queued up for 5.4.y and 5.10.y, why?
If you are going to modify the upstream version, you need to document in
great detail what you have changed and why you have changed it.
thanks,
greg k-h
^ permalink raw reply [flat|nested] 474+ messages in thread
* Re: [PATCH] bpf: Fix excessive memory allocation in stack_map_alloc()
2022-06-08 15:20 ` Greg KH
@ 2022-06-08 16:07 ` Yuntao Wang
2022-06-13 8:00 ` Greg KH
0 siblings, 1 reply; 474+ messages in thread
From: Yuntao Wang @ 2022-06-08 16:07 UTC (permalink / raw)
To: gregkh; +Cc: daniel, linux-kernel, pavel, sashal, stable, ytcoode
On Wed, 8 Jun 2022 17:20:58 +0200, Greg KH wrote:
> On Wed, Jun 08, 2022 at 10:25:38PM +0800, Yuntao Wang wrote:
> > The 'n_buckets * (value_size + sizeof(struct stack_map_bucket))' part of
> > the allocated memory for 'smap' is never used, get rid of it.
> >
> > Fixes: b936ca643ade ("bpf: rework memlock-based memory accounting for maps")
> > Signed-off-by: Yuntao Wang <ytcoode@gmail.com>
> > Link: https://lore.kernel.org/bpf/20220407130423.798386-1-ytcoode@gmail.com
> > ---
> > This is the modified version for 5.10, the original patch is:
> >
> > [ Upstream commit b45043192b3e481304062938a6561da2ceea46a6 ]
> >
> > It would be better if the new patch can be reviewed by someone else.
>
> What is wrong with the version that we have queued up in the 5.10-stable
> review queue right now?
Since the 5.10 branch doesn't have commit 370868107bf6, the upstream version
is not correct for it, I modified the original patch and wanted to backport
it to the 5.10 branch.
> >
> > kernel/bpf/stackmap.c | 4 ++--
> > 1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/kernel/bpf/stackmap.c b/kernel/bpf/stackmap.c
> > index 4575d2d60cb1..54fdcb78ad19 100644
> > --- a/kernel/bpf/stackmap.c
> > +++ b/kernel/bpf/stackmap.c
> > @@ -121,8 +121,8 @@ static struct bpf_map *stack_map_alloc(union bpf_attr *attr)
> > return ERR_PTR(-E2BIG);
> >
> > cost = n_buckets * sizeof(struct stack_map_bucket *) + sizeof(*smap);
> > - cost += n_buckets * (value_size + sizeof(struct stack_map_bucket));
> > - err = bpf_map_charge_init(&mem, cost);
> > + err = bpf_map_charge_init(&mem, cost + n_buckets *
> > + (value_size + sizeof(struct stack_map_bucket)));
>
> This differs from what we have queued up for 5.4.y and 5.10.y, why?
> If you are going to modify the upstream version, you need to document in
> great detail what you have changed and why you have changed it.
>
> thanks,
>
> greg k-h
^ permalink raw reply [flat|nested] 474+ messages in thread
* Re: [PATCH 5.10 000/452] 5.10.121-rc1 review
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (455 preceding siblings ...)
2022-06-08 13:29 ` Fox Chen
@ 2022-06-08 16:55 ` Naresh Kamboju
2022-06-08 23:50 ` Guenter Roeck
457 siblings, 0 replies; 474+ messages in thread
From: Naresh Kamboju @ 2022-06-08 16:55 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, stable, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee,
slade
On Tue, 7 Jun 2022 at 22:49, Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
>
> This is the start of the stable review cycle for the 5.10.121 release.
> There are 452 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Thu, 09 Jun 2022 16:48:02 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.121-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Results from Linaro’s test farm.
No regressions on arm64, arm, x86_64, and i386.
Tested-by: Linux Kernel Functional Testing <lkft@linaro.org>
## Build
* kernel: 5.10.121-rc1
* git: https://gitlab.com/Linaro/lkft/mirrors/stable/linux-stable-rc
* git branch: linux-5.10.y
* git commit: 08871e799a04f665596bafc8f6eec44c04286815
* git describe: v5.10.120-453-g08871e799a04
* test details:
https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-5.10.y/build/v5.10.120-453-g08871e799a04
## Test Regressions (compared to v5.10.120)
No test regressions found.
## Metric Regressions (compared to v5.10.120)
No metric regressions found.
## Test Fixes (compared to v5.10.120)
No test fixes found.
## Metric Fixes (compared to v5.10.120)
No metric fixes found.
## Test result summary
total: 137538, pass: 124480, fail: 212, skip: 12042, xfail: 804
## Build Summary
* arc: 10 total, 10 passed, 0 failed
* arm: 314 total, 314 passed, 0 failed
* arm64: 58 total, 58 passed, 0 failed
* i386: 52 total, 49 passed, 3 failed
* mips: 37 total, 37 passed, 0 failed
* parisc: 12 total, 12 passed, 0 failed
* powerpc: 51 total, 51 passed, 0 failed
* riscv: 27 total, 27 passed, 0 failed
* s390: 21 total, 21 passed, 0 failed
* sh: 24 total, 24 passed, 0 failed
* sparc: 12 total, 12 passed, 0 failed
* x86_64: 56 total, 55 passed, 1 failed
## Test suites summary
* fwts
* kunit
* kvm-unit-tests
* libgpiod
* libhugetlbfs
* log-parser-boot
* log-parser-test
* ltp-cap_bounds
* ltp-cap_bounds-tests
* ltp-commands
* ltp-commands-tests
* ltp-containers
* ltp-containers-tests
* ltp-controllers-tests
* ltp-cpuhotplug-tests
* ltp-crypto
* ltp-crypto-tests
* ltp-cve-tests
* ltp-dio-tests
* ltp-fcntl-locktests
* ltp-fcntl-locktests-tests
* ltp-filecaps
* ltp-filecaps-tests
* ltp-fs
* ltp-fs-tests
* ltp-fs_bind
* ltp-fs_bind-tests
* ltp-fs_perms_simple
* ltp-fs_perms_simple-tests
* ltp-fsx
* ltp-fsx-tests
* ltp-hugetlb
* ltp-hugetlb-tests
* ltp-io
* ltp-io-tests
* ltp-ipc
* ltp-ipc-tests
* ltp-math-tests
* ltp-mm-tests
* ltp-nptl
* ltp-nptl-tests
* ltp-open-posix-tests
* ltp-pty
* ltp-pty-tests
* ltp-sched-tests
* ltp-securebits
* ltp-securebits-tests
* ltp-syscalls-tests
* ltp-tracing-tests
* network-basic-tests
* packetdrill
* perf
* perf/Zstd-perf.data-compression
* rcutorture
* ssuite
* v4l2-compliance
* vdso
--
Linaro LKFT
https://lkft.linaro.org
^ permalink raw reply [flat|nested] 474+ messages in thread
* Re: [PATCH 5.10 000/452] 5.10.121-rc1 review
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
` (456 preceding siblings ...)
2022-06-08 16:55 ` Naresh Kamboju
@ 2022-06-08 23:50 ` Guenter Roeck
457 siblings, 0 replies; 474+ messages in thread
From: Guenter Roeck @ 2022-06-08 23:50 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, stable, torvalds, akpm, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee,
slade
On Tue, Jun 07, 2022 at 06:57:37PM +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.10.121 release.
> There are 452 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Thu, 09 Jun 2022 16:48:02 +0000.
> Anything received after that time might be too late.
>
Build results:
total: 163 pass: 163 fail: 0
Qemu test results:
total: 477 pass: 477 fail: 0
Tested-by: Guenter Roeck <linux@roeck-us.net>
Guenter
^ permalink raw reply [flat|nested] 474+ messages in thread
* Re: [PATCH] bpf: Fix excessive memory allocation in stack_map_alloc()
2022-06-08 16:07 ` Yuntao Wang
@ 2022-06-13 8:00 ` Greg KH
2022-06-14 14:26 ` [PATCH] bpf: Fix incorrect memory charge cost calculation " Yuntao Wang
0 siblings, 1 reply; 474+ messages in thread
From: Greg KH @ 2022-06-13 8:00 UTC (permalink / raw)
To: Yuntao Wang; +Cc: daniel, linux-kernel, pavel, sashal, stable
On Thu, Jun 09, 2022 at 12:07:28AM +0800, Yuntao Wang wrote:
> On Wed, 8 Jun 2022 17:20:58 +0200, Greg KH wrote:
> > On Wed, Jun 08, 2022 at 10:25:38PM +0800, Yuntao Wang wrote:
> > > The 'n_buckets * (value_size + sizeof(struct stack_map_bucket))' part of
> > > the allocated memory for 'smap' is never used, get rid of it.
> > >
> > > Fixes: b936ca643ade ("bpf: rework memlock-based memory accounting for maps")
> > > Signed-off-by: Yuntao Wang <ytcoode@gmail.com>
> > > Link: https://lore.kernel.org/bpf/20220407130423.798386-1-ytcoode@gmail.com
> > > ---
> > > This is the modified version for 5.10, the original patch is:
> > >
> > > [ Upstream commit b45043192b3e481304062938a6561da2ceea46a6 ]
> > >
> > > It would be better if the new patch can be reviewed by someone else.
> >
> > What is wrong with the version that we have queued up in the 5.10-stable
> > review queue right now?
>
> Since the 5.10 branch doesn't have commit 370868107bf6, the upstream version
> is not correct for it, I modified the original patch and wanted to backport
> it to the 5.10 branch.
This does not apply to the 5.10 branch now, can you provide a working
version?
thanks,
greg k-h
^ permalink raw reply [flat|nested] 474+ messages in thread
* [PATCH] bpf: Fix incorrect memory charge cost calculation in stack_map_alloc()
2022-06-13 8:00 ` Greg KH
@ 2022-06-14 14:26 ` Yuntao Wang
2022-06-16 13:09 ` Greg KH
0 siblings, 1 reply; 474+ messages in thread
From: Yuntao Wang @ 2022-06-14 14:26 UTC (permalink / raw)
To: gregkh
Cc: daniel, linux-kernel, pavel, sashal, stable, ytcoode, ast,
andrii, kafai, songliubraving, yhs, john.fastabend, kpsingh, bpf
commit b45043192b3e481304062938a6561da2ceea46a6 upstream.
This is a backport of the original upstream patch for 5.4/5.10.
The original upstream patch has been applied to 5.4/5.10 branches, which
simply removed the line:
cost += n_buckets * (value_size + sizeof(struct stack_map_bucket));
This is correct for upstream branch but incorrect for 5.4/5.10 branches,
as the 5.4/5.10 branches do not have the commit 370868107bf6 ("bpf:
Eliminate rlimit-based memory accounting for stackmap maps"), so the
bpf_map_charge_init() function has not been removed.
Currently the bpf_map_charge_init() function in 5.4/5.10 branches takes a
wrong memory charge cost, the
attr->max_entries * (sizeof(struct stack_map_bucket) + (u64)value_size))
part is missing, let's fix it.
Cc: <stable@vger.kernel.org> # 5.4.y
Cc: <stable@vger.kernel.org> # 5.10.y
Signed-off-by: Yuntao Wang <ytcoode@gmail.com>
---
Note that the original upstream patch is currently applied to
linux-stable-rc/linux-5.4.y branch, not linux/linux-5.4.y, this patch
depends on that patch.
kernel/bpf/stackmap.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/kernel/bpf/stackmap.c b/kernel/bpf/stackmap.c
index c19e669afba0..0c5bf98d5576 100644
--- a/kernel/bpf/stackmap.c
+++ b/kernel/bpf/stackmap.c
@@ -121,7 +121,8 @@ static struct bpf_map *stack_map_alloc(union bpf_attr *attr)
return ERR_PTR(-E2BIG);
cost = n_buckets * sizeof(struct stack_map_bucket *) + sizeof(*smap);
- err = bpf_map_charge_init(&mem, cost);
+ err = bpf_map_charge_init(&mem, cost + attr->max_entries *
+ (sizeof(struct stack_map_bucket) + (u64)value_size));
if (err)
return ERR_PTR(err);
--
2.36.0
^ permalink raw reply related [flat|nested] 474+ messages in thread
* Re: [PATCH] bpf: Fix incorrect memory charge cost calculation in stack_map_alloc()
2022-06-14 14:26 ` [PATCH] bpf: Fix incorrect memory charge cost calculation " Yuntao Wang
@ 2022-06-16 13:09 ` Greg KH
0 siblings, 0 replies; 474+ messages in thread
From: Greg KH @ 2022-06-16 13:09 UTC (permalink / raw)
To: Yuntao Wang
Cc: daniel, linux-kernel, pavel, sashal, stable, ast, andrii, kafai,
songliubraving, yhs, john.fastabend, kpsingh, bpf
On Tue, Jun 14, 2022 at 10:26:22PM +0800, Yuntao Wang wrote:
> commit b45043192b3e481304062938a6561da2ceea46a6 upstream.
>
> This is a backport of the original upstream patch for 5.4/5.10.
>
> The original upstream patch has been applied to 5.4/5.10 branches, which
> simply removed the line:
>
> cost += n_buckets * (value_size + sizeof(struct stack_map_bucket));
>
> This is correct for upstream branch but incorrect for 5.4/5.10 branches,
> as the 5.4/5.10 branches do not have the commit 370868107bf6 ("bpf:
> Eliminate rlimit-based memory accounting for stackmap maps"), so the
> bpf_map_charge_init() function has not been removed.
>
> Currently the bpf_map_charge_init() function in 5.4/5.10 branches takes a
> wrong memory charge cost, the
>
> attr->max_entries * (sizeof(struct stack_map_bucket) + (u64)value_size))
>
> part is missing, let's fix it.
>
> Cc: <stable@vger.kernel.org> # 5.4.y
> Cc: <stable@vger.kernel.org> # 5.10.y
> Signed-off-by: Yuntao Wang <ytcoode@gmail.com>
> ---
> Note that the original upstream patch is currently applied to
> linux-stable-rc/linux-5.4.y branch, not linux/linux-5.4.y, this patch
> depends on that patch.
Now queued up, thanks.
greg k-h
^ permalink raw reply [flat|nested] 474+ messages in thread
end of thread, other threads:[~2022-06-16 13:09 UTC | newest]
Thread overview: 474+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-06-07 16:57 [PATCH 5.10 000/452] 5.10.121-rc1 review Greg Kroah-Hartman
2022-06-07 16:57 ` [PATCH 5.10 001/452] arm64: Initialize jump labels before setup_machine_fdt() Greg Kroah-Hartman
2022-06-07 17:28 ` Catalin Marinas
2022-06-08 6:55 ` Ard Biesheuvel
2022-06-08 7:26 ` Jason A. Donenfeld
2022-06-07 16:57 ` [PATCH 5.10 002/452] binfmt_flat: do not stop relocating GOT entries prematurely on riscv Greg Kroah-Hartman
2022-06-07 16:57 ` [PATCH 5.10 003/452] parisc/stifb: Implement fb_is_primary_device() Greg Kroah-Hartman
2022-06-07 16:57 ` [PATCH 5.10 004/452] riscv: Initialize thread pointer before calling C functions Greg Kroah-Hartman
2022-06-07 16:57 ` [PATCH 5.10 005/452] riscv: Fix irq_work when SMP is disabled Greg Kroah-Hartman
2022-06-07 16:57 ` [PATCH 5.10 006/452] ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9520 laptop Greg Kroah-Hartman
2022-06-07 16:57 ` [PATCH 5.10 007/452] ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS Greg Kroah-Hartman
2022-06-07 16:57 ` [PATCH 5.10 008/452] ALSA: usb-audio: Cancel pending work at closing a MIDI substream Greg Kroah-Hartman
2022-06-07 16:57 ` [PATCH 5.10 009/452] USB: serial: option: add Quectel BG95 modem Greg Kroah-Hartman
2022-06-07 16:57 ` [PATCH 5.10 010/452] USB: new quirk for Dell Gen 2 devices Greg Kroah-Hartman
2022-06-07 16:57 ` [PATCH 5.10 011/452] usb: dwc3: gadget: Move null pinter check to proper place Greg Kroah-Hartman
2022-06-08 11:33 ` Pavel Machek
2022-06-07 16:57 ` [PATCH 5.10 012/452] usb: core: hcd: Add support for deferring roothub registration Greg Kroah-Hartman
2022-06-07 16:57 ` [PATCH 5.10 013/452] cifs: when extending a file with falloc we should make files not-sparse Greg Kroah-Hartman
2022-06-07 16:57 ` [PATCH 5.10 014/452] xhci: Allow host runtime PM as default for Intel Alder Lake N xHCI Greg Kroah-Hartman
2022-06-07 16:57 ` [PATCH 5.10 015/452] Fonts: Make font size unsigned in font_desc Greg Kroah-Hartman
2022-06-07 16:57 ` [PATCH 5.10 016/452] parisc/stifb: Keep track of hardware path of graphics card Greg Kroah-Hartman
2022-06-07 16:57 ` [PATCH 5.10 017/452] x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails Greg Kroah-Hartman
2022-06-07 16:57 ` [PATCH 5.10 018/452] perf/x86/intel: Fix event constraints for ICL Greg Kroah-Hartman
2022-06-07 16:57 ` [PATCH 5.10 019/452] ptrace/um: Replace PT_DTRACE with TIF_SINGLESTEP Greg Kroah-Hartman
2022-06-07 16:57 ` [PATCH 5.10 020/452] ptrace/xtensa: Replace PT_SINGLESTEP " Greg Kroah-Hartman
2022-06-07 16:57 ` [PATCH 5.10 021/452] ptrace: Reimplement PTRACE_KILL by always sending SIGKILL Greg Kroah-Hartman
2022-06-07 16:57 ` [PATCH 5.10 022/452] btrfs: add "0x" prefix for unsupported optional features Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 023/452] btrfs: repair super block num_devices automatically Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 024/452] iommu/vt-d: Add RPLS to quirk list to skip TE disabling Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 025/452] drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 026/452] selftests/bpf: Fix vfs_link kprobe definition Greg Kroah-Hartman
2022-06-08 11:38 ` Pavel Machek
2022-06-08 11:59 ` Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 027/452] mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 028/452] b43legacy: Fix assigning negative value to unsigned variable Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 029/452] b43: " Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 030/452] ipw2x00: Fix potential NULL dereference in libipw_xmit() Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 031/452] ipv6: fix locking issues with loops over idev->addr_list Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 032/452] fbcon: Consistently protect deferred_takeover with console_lock() Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 033/452] x86/platform/uv: Update TSC sync state for UV5 Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 034/452] ACPICA: Avoid cache flush inside virtual machines Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 035/452] drm/komeda: return early if drm_universal_plane_init() fails Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 036/452] rcu-tasks: Fix race in schedule and flush work Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 037/452] rcu: Make TASKS_RUDE_RCU select IRQ_WORK Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 038/452] sfc: ef10: Fix assigning negative value to unsigned variable Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 039/452] ALSA: jack: Access input_dev under mutex Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 040/452] spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 041/452] tools/power turbostat: fix ICX DRAM power numbers Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 042/452] drm/amd/pm: fix double free in si_parse_power_table() Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 043/452] ath9k: fix QCA9561 PA bias level Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 044/452] media: venus: hfi: avoid null dereference in deinit Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 045/452] media: pci: cx23885: Fix the error handling in cx23885_initdev() Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 046/452] media: cx25821: Fix the warning when removing the module Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 047/452] md/bitmap: dont set sb values if cant pass sanity check Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 048/452] mmc: jz4740: Apply DMA engine limits to maximum segment size Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 049/452] drivers: mmc: sdhci_am654: Add the quirk to set TESTCD bit Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 050/452] scsi: megaraid: Fix error check return value of register_chrdev() Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 051/452] scsi: ufs: Use pm_runtime_resume_and_get() instead of pm_runtime_get_sync() Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 052/452] scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp() Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 053/452] ath11k: disable spectral scan during spectral deinit Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 054/452] ASoC: Intel: bytcr_rt5640: Add quirk for the HP Pro Tablet 408 Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 055/452] drm/plane: Move range check for format_count earlier Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 056/452] drm/amd/pm: fix the compile warning Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 057/452] ath10k: skip ath10k_halt during suspend for driver state RESTARTING Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 058/452] arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 059/452] drm: msm: fix error check return value of irq_of_parse_and_map() Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 060/452] ipv6: Dont send rs packets to the interface of ARPHRD_TUNNEL Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 061/452] net/mlx5: fs, delete the FTE when there are no rules attached to it Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 062/452] ASoC: dapm: Dont fold register value changes into notifications Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 063/452] mlxsw: spectrum_dcb: Do not warn about priority changes Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 064/452] mlxsw: Treat LLDP packets as control Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 065/452] drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo Greg Kroah-Hartman
2022-06-07 17:33 ` Deucher, Alexander
2022-06-07 17:46 ` Deucher, Alexander
2022-06-07 16:58 ` [PATCH 5.10 066/452] HID: bigben: fix slab-out-of-bounds Write in bigben_probe Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 067/452] ASoC: tscs454: Add endianness flag in snd_soc_component_driver Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 068/452] net: remove two BUG() from skb_checksum_help() Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 069/452] s390/preempt: disable __preempt_count_add() optimization for PROFILE_ALL_BRANCHES Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 070/452] perf/amd/ibs: Cascade pmu init functions return value Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 071/452] spi: stm32-qspi: Fix wait_cmd timeout in APM mode Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 072/452] dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 073/452] ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 074/452] ipmi:ssif: Check for NULL msg when handling events and messages Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 075/452] ipmi: Fix pr_fmt to avoid compilation issues Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 076/452] rtlwifi: Use pr_warn instead of WARN_ONCE Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 077/452] media: rga: fix possible memory leak in rga_probe Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 078/452] media: coda: limit frame interval enumeration to supported encoder frame sizes Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 079/452] media: imon: reorganize serialization Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 080/452] media: cec-adap.c: fix is_configuring state Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 081/452] openrisc: start CPU timer early in boot Greg Kroah-Hartman
2022-06-07 16:58 ` [PATCH 5.10 082/452] nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 083/452] ASoC: rt5645: Fix errorenous cleanup order Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 084/452] nbd: Fix hung on disconnect request if socket is closed before Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 085/452] net: phy: micrel: Allow probing without .driver_data Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 086/452] media: exynos4-is: Fix compile warning Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 087/452] ASoC: max98357a: remove dependency on GPIOLIB Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 088/452] ASoC: rt1015p: " Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 089/452] can: mcp251xfd: silence clangs -Wunaligned-access warning Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 090/452] x86/microcode: Add explicit CPU vendor dependency Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 091/452] m68k: atari: Make Atari ROM port I/O write macros return void Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 092/452] rxrpc: Return an error to sendmsg if call failed Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 093/452] rxrpc, afs: Fix selection of abort codes Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 094/452] eth: tg3: silence the GCC 12 array-bounds warning Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 095/452] selftests/bpf: fix btf_dump/btf_dump due to recent clang change Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 096/452] gfs2: use i_lock spin_lock for inode qadata Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 097/452] IB/rdmavt: add missing locks in rvt_ruc_loopback Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 098/452] ARM: dts: ox820: align interrupt controller node name with dtschema Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 099/452] ARM: dts: s5pv210: align DMA channels " Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 100/452] arm64: dts: qcom: msm8994: Fix BLSP[12]_DMA channels count Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 101/452] PM / devfreq: rk3399_dmc: Disable edev on remove() Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 102/452] crypto: ccree - use fine grained DMA mapping dir Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 103/452] soc: ti: ti_sci_pm_domains: Check for null return of devm_kcalloc Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 104/452] fs: jfs: fix possible NULL pointer dereference in dbFree() Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 105/452] ARM: OMAP1: clock: Fix UART rate reporting algorithm Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 106/452] powerpc/fadump: Fix fadump to work with a different endian capture kernel Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 107/452] fat: add ratelimit to fat*_ent_bread() Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 108/452] pinctrl: renesas: rzn1: Fix possible null-ptr-deref in sh_pfc_map_resources() Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 109/452] ARM: versatile: Add missing of_node_put in dcscb_init Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 110/452] ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 111/452] ARM: hisi: Add missing of_node_put after of_find_compatible_node Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 112/452] PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 113/452] tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 114/452] powerpc/powernv/vas: Assign real address to rx_fifo in vas_rx_win_attr Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 115/452] powerpc/xics: fix refcount leak in icp_opal_init() Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 116/452] powerpc/powernv: fix missing of_node_put in uv_init() Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 117/452] macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 118/452] powerpc/iommu: Add missing of_node_put in iommu_init_early_dart Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 119/452] RDMA/hfi1: Prevent panic when SDMA is disabled Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 120/452] drm: fix EDID struct for old ARM OABI format Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 121/452] dt-bindings: display: sitronix, st7735r: Fix backlight in example Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 122/452] ath11k: acquire ab->base_lock in unassign when finding the peer by addr Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 123/452] ath9k: fix ar9003_get_eepmisc Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 124/452] drm/edid: fix invalid EDID extension block filtering Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 125/452] drm/bridge: adv7511: clean up CEC adapter when probe fails Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 126/452] spi: qcom-qspi: Add minItems to interconnect-names Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 127/452] ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 128/452] ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 129/452] x86/delay: Fix the wrong asm constraint in delay_loop() Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 130/452] drm/ingenic: Reset pixclock rate when parent clock rate changes Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 131/452] drm/mediatek: Fix mtk_cec_mask() Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 132/452] drm/vc4: hvs: Reset muxes at probe time Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 133/452] drm/vc4: txp: Dont set TXP_VSTART_AT_EOF Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 134/452] drm/vc4: txp: Force alpha to be 0xff if its disabled Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 135/452] libbpf: Dont error out on CO-RE relos for overriden weak subprogs Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 136/452] bpf: Fix excessive memory allocation in stack_map_alloc() Greg Kroah-Hartman
2022-06-08 11:40 ` Pavel Machek
2022-06-08 14:25 ` [PATCH] " Yuntao Wang
2022-06-08 15:20 ` Greg KH
2022-06-08 16:07 ` Yuntao Wang
2022-06-13 8:00 ` Greg KH
2022-06-14 14:26 ` [PATCH] bpf: Fix incorrect memory charge cost calculation " Yuntao Wang
2022-06-16 13:09 ` Greg KH
2022-06-07 16:59 ` [PATCH 5.10 137/452] nl80211: show SSID for P2P_GO interfaces Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 138/452] drm/komeda: Fix an undefined behavior bug in komeda_plane_add() Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 139/452] drm: mali-dp: potential dereference of null pointer Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 140/452] spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 141/452] scftorture: Fix distribution of short handler delays Greg Kroah-Hartman
2022-06-07 16:59 ` [PATCH 5.10 142/452] net: dsa: mt7530: 1G can also support 1000BASE-X link mode Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 143/452] NFC: NULL out the dev->rfkill to prevent UAF Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 144/452] efi: Add missing prototype for efi_capsule_setup_info Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 145/452] target: remove an incorrect unmap zeroes data deduction Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 146/452] drbd: fix duplicate array initializer Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 147/452] EDAC/dmc520: Dont print an error for each unconfigured interrupt line Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 148/452] mtd: rawnand: denali: Use managed device resources Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 149/452] HID: hid-led: fix maximum brightness for Dream Cheeky Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 150/452] HID: elan: Fix potential double free in elan_input_configured Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 151/452] drm/bridge: Fix error handling in analogix_dp_probe Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 152/452] sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 153/452] spi: img-spfi: Fix pm_runtime_get_sync() error checking Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 154/452] cpufreq: Fix possible race in cpufreq online error path Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 155/452] ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 156/452] media: hantro: Empty encoder capture buffers by default Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 157/452] drm/panel: simple: Add missing bus flags for Innolux G070Y2-L01 Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 158/452] ALSA: pcm: Check for null pointer of pointer substream before dereferencing it Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 159/452] inotify: show inotify mask flags in proc fdinfo Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 160/452] fsnotify: fix wrong lockdep annotations Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 161/452] of: overlay: do not break notify on NOTIFY_{OK|STOP} Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 162/452] drm/msm/dpu: adjust display_v_end for eDP and DP Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 163/452] scsi: ufs: qcom: Fix ufs_qcom_resume() Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 164/452] scsi: ufs: core: Exclude UECxx from SFR dump list Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 165/452] selftests/resctrl: Fix null pointer dereference on open failed Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 166/452] libbpf: Fix logic for finding matching program for CO-RE relocation Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 167/452] mtd: spi-nor: core: Check written SR value in spi_nor_write_16bit_sr_and_check() Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 168/452] x86/pm: Fix false positive kmemleak report in msr_build_context() Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 169/452] mtd: rawnand: cadence: fix possible null-ptr-deref in cadence_nand_dt_probe() Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 170/452] x86/speculation: Add missing prototype for unpriv_ebpf_notify() Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 171/452] ASoC: rk3328: fix disabling mclk on pclk probe failure Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 172/452] perf tools: Add missing headers needed by util/data.h Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 173/452] drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 174/452] drm/msm/dp: stop event kernel thread when DP unbind Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 175/452] drm/msm/dp: fix error check return value of irq_of_parse_and_map() Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 176/452] drm/msm/dsi: fix error checks and return values for DSI xmit functions Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 177/452] drm/msm/hdmi: check return value after calling platform_get_resource_byname() Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 178/452] drm/msm/hdmi: fix error check return value of irq_of_parse_and_map() Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 179/452] drm/msm: add missing include to msm_drv.c Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 180/452] drm/panel: panel-simple: Fix proper bpc for AM-1280800N3TZQW-T00H Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 181/452] drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 182/452] perf tools: Use Python devtools for version autodetection rather than runtime Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 183/452] virtio_blk: fix the discard_granularity and discard_alignment queue limits Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 184/452] x86: Fix return value of __setup handlers Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 185/452] irqchip/exiu: Fix acknowledgment of edge triggered interrupts Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 186/452] irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 187/452] irqchip/aspeed-scu-ic: " Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 188/452] x86/mm: Cleanup the control_va_addr_alignment() __setup handler Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 189/452] arm64: fix types in copy_highpage() Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 190/452] regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 191/452] drm/msm/dp: fix event thread stuck in wait_event after kthread_stop() Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 192/452] drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 193/452] drm/msm/mdp5: Return error code in mdp5_mixer_release " Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 194/452] drm/msm: return an error pointer in msm_gem_prime_get_sg_table() Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 195/452] media: uvcvideo: Fix missing check to determine if element is found in list Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 196/452] iomap: iomap_write_failed fix Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 197/452] spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname() Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 198/452] Revert "cpufreq: Fix possible race in cpufreq online error path" Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 199/452] regulator: qcom_smd: Fix up PM8950 regulator configuration Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 200/452] perf/amd/ibs: Use interrupt regs ip for stack unwinding Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 201/452] ath11k: Dont check arvif->is_started before sending management frames Greg Kroah-Hartman
2022-06-07 17:00 ` [PATCH 5.10 202/452] ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 203/452] ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 204/452] regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 205/452] ASoC: samsung: Use dev_err_probe() helper Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 206/452] ASoC: samsung: Fix refcount leak in aries_audio_probe Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 207/452] kselftest/cgroup: fix test_stress.sh to use OUTPUT dir Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 208/452] scripts/faddr2line: Fix overlapping text section failures Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 209/452] media: aspeed: Fix an error handling path in aspeed_video_probe() Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 210/452] media: exynos4-is: Fix PM disable depth imbalance in fimc_is_probe Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 211/452] media: st-delta: Fix PM disable depth imbalance in delta_probe Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 212/452] media: exynos4-is: Change clk_disable to clk_disable_unprepare Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 213/452] media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 214/452] media: vsp1: Fix offset calculation for plane cropping Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 215/452] Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 216/452] Bluetooth: Interleave with allowlist scan Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 217/452] Bluetooth: L2CAP: Rudimentary typo fixes Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 218/452] Bluetooth: LL privacy allow RPA Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 219/452] Bluetooth: use inclusive language in HCI role comments Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 220/452] Bluetooth: use inclusive language when filtering devices Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 221/452] Bluetooth: use hdev lock for accept_list and reject_list in conn req Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 222/452] nvme: set dma alignment to dword Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 223/452] m68k: math-emu: Fix dependencies of math emulation support Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 224/452] lsm,selinux: pass flowi_common instead of flowi to the LSM hooks Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 225/452] sctp: read sk->sk_bound_dev_if once in sctp_rcv() Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 226/452] net: hinic: add missing destroy_workqueue in hinic_pf_to_mgmt_init Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 227/452] ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_* Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 228/452] media: ov7670: remove ov7670_power_off from ov7670_remove Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 229/452] media: staging: media: rkvdec: Make use of the helper function devm_platform_ioremap_resource() Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 230/452] media: rkvdec: Stop overclocking the decoder Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 231/452] media: rkvdec: h264: Fix dpb_valid implementation Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 232/452] media: rkvdec: h264: Fix bit depth wrap in pps packet Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 233/452] ext4: reject the commit option on ext2 filesystems Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 234/452] drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 235/452] drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 236/452] x86/sev: Annotate stack change in the #VC handler Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 237/452] drm/msm/dpu: handle pm_runtime_get_sync() errors in bind path Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 238/452] drm/i915: Fix CFI violation with show_dynamic_id() Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 239/452] thermal/drivers/bcm2711: Dont clamp temperature at zero Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 240/452] thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 241/452] thermal/drivers/core: Use a char pointer for the cooling device name Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 242/452] thermal/core: Fix memory leak in __thermal_cooling_device_register() Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 243/452] thermal/drivers/imx_sc_thermal: Fix refcount leak in imx_sc_thermal_probe Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 244/452] ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 245/452] NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 246/452] ASoC: max98090: Move check for invalid values before casting in max98090_put_enab_tlv() Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 247/452] net: stmmac: selftests: Use kcalloc() instead of kzalloc() Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 248/452] net: stmmac: fix out-of-bounds access in a selftest Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 249/452] hv_netvsc: Fix potential dereference of NULL pointer Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 250/452] rxrpc: Fix listen() setting the bar too high for the prealloc rings Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 251/452] rxrpc: Dont try to resend the request if were receiving the reply Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 252/452] rxrpc: Fix overlapping ACK accounting Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 253/452] rxrpc: Dont let ack.previousPacket regress Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 254/452] rxrpc: Fix decision on when to generate an IDLE ACK Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 255/452] net: huawei: hinic: Use devm_kcalloc() instead of devm_kzalloc() Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 256/452] hinic: Avoid some over memory allocation Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 257/452] net/smc: postpone sk_refcnt increment in connect() Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 258/452] arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 259/452] memory: samsung: exynos5422-dmc: Avoid some over memory allocation Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 260/452] ARM: dts: suniv: F1C100: fix watchdog compatible Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 261/452] soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc Greg Kroah-Hartman
2022-06-07 17:01 ` [PATCH 5.10 262/452] soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 263/452] PCI: cadence: Fix find_first_zero_bit() limit Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 264/452] PCI: rockchip: " Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 265/452] PCI: dwc: Fix setting error return on MSI DMA mapping failure Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 266/452] ARM: dts: ci4x10: Adapt to changes in imx6qdl.dtsi regarding fec clocks Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 267/452] soc: qcom: llcc: Add MODULE_DEVICE_TABLE() Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 268/452] KVM: nVMX: Leave most VM-Exit info fields unmodified on failed VM-Entry Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 269/452] KVM: nVMX: Clear IDT vectoring on nested VM-Exit for double/triple fault Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 270/452] platform/chrome: cros_ec: fix error handling in cros_ec_register() Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 271/452] ARM: dts: imx6dl-colibri: Fix I2C pinmuxing Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 272/452] platform/chrome: Re-introduce cros_ec_cmd_xfer and use it for ioctls Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 273/452] can: xilinx_can: mark bit timing constants as const Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 274/452] ARM: dts: stm32: Fix PHY post-reset delay on Avenger96 Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 275/452] ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 276/452] ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 277/452] ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 278/452] ARM: dts: bcm2835-rpi-b: Fix GPIO line names Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 279/452] misc: ocxl: fix possible double free in ocxl_file_register_afu Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 280/452] crypto: marvell/cesa - ECB does not IV Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 281/452] gpiolib: of: Introduce hook for missing gpio-ranges Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 282/452] pinctrl: bcm2835: implement " Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 283/452] arm: mediatek: select arch timer for mt7629 Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 284/452] powerpc/fadump: fix PT_LOAD segment for boot memory area Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 285/452] mfd: ipaq-micro: Fix error check return value of platform_get_irq() Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 286/452] scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac() Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 287/452] firmware: arm_scmi: Fix list protocols enumeration in the base protocol Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 288/452] nvdimm: Fix firmware activation deadlock scenarios Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 289/452] nvdimm: Allow overwrite in the presence of disabled dimms Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 290/452] pinctrl: mvebu: Fix irq_of_parse_and_map() return value Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 291/452] drivers/base/node.c: fix compaction sysfs file leak Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 292/452] dax: fix cache flush on PMD-mapped pages Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 293/452] drivers/base/memory: fix an unlikely reference counting issue in __add_memory_block() Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 294/452] powerpc/8xx: export cpm_setbrg for modules Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 295/452] pinctrl: renesas: core: Fix possible null-ptr-deref in sh_pfc_map_resources() Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 296/452] powerpc/idle: Fix return value of __setup() handler Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 297/452] powerpc/4xx/cpm: " Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 298/452] ASoC: atmel-pdmic: Remove endianness flag on pdmic component Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 299/452] ASoC: atmel-classd: Remove endianness flag on class d component Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 300/452] proc: fix dentry/inode overinstantiating under /proc/${pid}/net Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 301/452] ipc/mqueue: use get_tree_nodev() in mqueue_get_tree() Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 302/452] PCI: imx6: Fix PERST# start-up sequence Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 303/452] tty: fix deadlock caused by calling printk() under tty_port->lock Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 304/452] crypto: sun8i-ss - rework handling of IV Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 305/452] crypto: sun8i-ss - handle zero sized sg Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 306/452] crypto: cryptd - Protect per-CPU resource by disabling BH Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 307/452] Input: sparcspkr - fix refcount leak in bbc_beep_probe Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 308/452] PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 309/452] hwrng: omap3-rom - fix using wrong clk_disable() in omap_rom_rng_runtime_resume() Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 310/452] powerpc/64: Only WARN if __pa()/__va() called with bad addresses Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 311/452] powerpc/perf: Fix the threshold compare group constraint for power9 Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 312/452] macintosh: via-pmu and via-cuda need RTC_LIB Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 313/452] powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 314/452] mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe() Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 315/452] mailbox: forward the hrtimer if not queued and under a lock Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 316/452] RDMA/hfi1: Prevent use of lock before it is initialized Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 317/452] Input: stmfts - do not leave device disabled in stmfts_input_open Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 318/452] OPP: call of_node_put() on error path in _bandwidth_supported() Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 319/452] f2fs: fix dereference of stale list iterator after loop body Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 320/452] iommu/mediatek: Add list_del in mtk_iommu_remove Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 321/452] i2c: at91: use dma safe buffers Greg Kroah-Hartman
2022-06-07 17:02 ` [PATCH 5.10 322/452] cpufreq: mediatek: add missing platform_driver_unregister() on error in mtk_cpufreq_driver_init Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 323/452] cpufreq: mediatek: Use module_init and add module_exit Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 324/452] cpufreq: mediatek: Unregister platform device on exit Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 325/452] MIPS: Loongson: Use hwmon_device_register_with_groups() to register hwmon Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 326/452] i2c: at91: Initialize dma_buf in at91_twi_xfer() Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 327/452] dmaengine: idxd: Fix the error handling path in idxd_cdev_register() Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 328/452] NFS: Do not report EINTR/ERESTARTSYS as mapping errors Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 329/452] NFS: fsync() should report filesystem errors over EINTR/ERESTARTSYS Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 330/452] NFS: Do not report flush errors in nfs_write_end() Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 331/452] NFS: Dont report errors from nfs_pageio_complete() more than once Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 332/452] NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 333/452] video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 334/452] dmaengine: stm32-mdma: remove GISR1 register Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 335/452] dmaengine: stm32-mdma: rework interrupt handler Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 336/452] dmaengine: stm32-mdma: fix chan initialization in stm32_mdma_irq_handler() Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 337/452] iommu/amd: Increase timeout waiting for GA log enablement Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 338/452] i2c: npcm: Fix timeout calculation Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 339/452] i2c: npcm: Correct register access width Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 340/452] i2c: npcm: Handle spurious interrupts Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 341/452] i2c: rcar: fix PM ref counts in probe error paths Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 342/452] perf c2c: Use stdio interface if slang is not supported Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 343/452] perf jevents: Fix event syntax error caused by ExtSel Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 344/452] f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count() Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 345/452] f2fs: fix to do sanity check on block address in f2fs_do_zero_range() Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 346/452] f2fs: fix to clear dirty inode in f2fs_evict_inode() Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 347/452] f2fs: fix deadloop in foreground GC Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 348/452] f2fs: dont need inode lock for system hidden quota Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 349/452] f2fs: fix to do sanity check on total_data_blocks Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 350/452] f2fs: fix fallocate to use file_modified to update permissions consistently Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 351/452] f2fs: fix to do sanity check for inline inode Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 352/452] wifi: mac80211: fix use-after-free in chanctx code Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 353/452] iwlwifi: mvm: fix assert 1F04 upon reconfig Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 354/452] fs-writeback: writeback_sb_inodes:Recalculate wrote according skipped pages Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 355/452] efi: Do not import certificates from UEFI Secure Boot for T2 Macs Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 356/452] bfq: Split shared queues on move between cgroups Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 357/452] bfq: Update cgroup information before merging bio Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 358/452] bfq: Track whether bfq_group is still online Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 359/452] ext4: fix use-after-free in ext4_rename_dir_prepare Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 360/452] ext4: fix warning in ext4_handle_inode_extension Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 361/452] ext4: fix bug_on in ext4_writepages Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 362/452] ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 363/452] ext4: fix bug_on in __es_tree_search Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 364/452] ext4: verify dir block before splitting it Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 365/452] ext4: avoid cycles in directory h-tree Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 366/452] ACPI: property: Release subnode properties with data nodes Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 367/452] tracing: Fix potential double free in create_var_ref() Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 368/452] PCI/PM: Fix bridge_d3_blacklist[] Elo i2 overwrite of Gigabyte X299 Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 369/452] PCI: qcom: Fix runtime PM imbalance on probe errors Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 370/452] PCI: qcom: Fix unbalanced PHY init " Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 371/452] mm, compaction: fast_find_migrateblock() should return pfn in the target zone Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 372/452] s390/perf: obtain sie_block from the right address Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 373/452] dlm: fix plock invalid read Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 374/452] dlm: fix missing lkb refcount handling Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 375/452] ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 376/452] scsi: dc395x: Fix a missing check on list iterator Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 377/452] scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 378/452] drm/amdgpu/cs: make commands with 0 chunks illegal behaviour Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 379/452] drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 380/452] drm/nouveau/clk: Fix an incorrect NULL check on list iterator Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 381/452] drm/nouveau/kms/nv50-: atom: fix " Greg Kroah-Hartman
2022-06-07 17:03 ` [PATCH 5.10 382/452] drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 383/452] drm/i915/dsi: fix VBT send packet port selection for ICL+ Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 384/452] md: fix an incorrect NULL check in does_sb_need_changing Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 385/452] md: fix an incorrect NULL check in md_reload_sb Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 386/452] mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 387/452] mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 388/452] media: coda: Fix reported H264 profile Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 389/452] media: coda: Add more H264 levels for CODA960 Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 390/452] ima: remove the IMA_TEMPLATE Kconfig option Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 391/452] Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 392/452] RDMA/hfi1: Fix potential integer multiplication overflow errors Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 393/452] csky: patch_text: Fixup last cpu should be master Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 394/452] irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 395/452] irqchip: irq-xtensa-mx: fix initial IRQ affinity Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 396/452] cfg80211: declare MODULE_FIRMWARE for regulatory.db Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 397/452] mac80211: upgrade passive scan to active scan on DFS channels after beacon rx Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 398/452] um: chan_user: Fix winch_tramp() return value Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 399/452] um: Fix out-of-bounds read in LDT setup Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 400/452] kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 401/452] ftrace: Clean up hash direct_functions on register failures Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 402/452] iommu/msm: Fix an incorrect NULL check on list iterator Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 403/452] nodemask.h: fix compilation error with GCC12 Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 404/452] hugetlb: fix huge_pmd_unshare address update Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 405/452] xtensa/simdisk: fix proc_read_simdisk() Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 406/452] rtl818x: Prevent using not initialized queues Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 407/452] ASoC: rt5514: Fix event generation for "DSP Voice Wake Up" control Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 408/452] carl9170: tx: fix an incorrect use of list iterator Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 409/452] stm: ltdc: fix two incorrect NULL checks on " Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 410/452] bcache: improve multithreaded bch_btree_check() Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 411/452] bcache: improve multithreaded bch_sectors_dirty_init() Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 412/452] bcache: remove incremental dirty sector counting for bch_sectors_dirty_init() Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 413/452] bcache: avoid journal no-space deadlock by reserving 1 journal bucket Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 414/452] serial: pch: dont overwrite xmit->buf[0] by x_char Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 415/452] tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 416/452] gma500: " Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 417/452] arm64: dts: qcom: ipq8074: fix the sleep clock frequency Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 418/452] phy: qcom-qmp: fix struct clk leak on probe errors Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 419/452] ARM: dts: s5pv210: Remove spi-cs-high on panel in Aries Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 420/452] ARM: pxa: maybe fix gpio lookup tables Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 421/452] SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 422/452] docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 423/452] dt-bindings: gpio: altera: correct interrupt-cells Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 424/452] vdpasim: allow to enable a vq repeatedly Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 425/452] blk-iolatency: Fix inflight count imbalances and IO hangs on offline Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 426/452] coresight: core: Fix coresight device probe failure issue Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 427/452] phy: qcom-qmp: fix reset-controller leak on probe errors Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 428/452] net: ipa: fix page free in ipa_endpoint_trans_release() Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 429/452] net: ipa: fix page free in ipa_endpoint_replenish_one() Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 430/452] xfs: set inode size after creating symlink Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 431/452] xfs: sync lazy sb accounting on quiesce of read-only mounts Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 432/452] xfs: fix chown leaking delalloc quota blocks when fssetxattr fails Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 433/452] xfs: fix incorrect root dquot corruption error when switching group/project quota types Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 434/452] xfs: restore shutdown check in mapped write fault path Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 435/452] xfs: force log and push AIL to clear pinned inodes when aborting mount Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 436/452] xfs: consider shutdown in bmapbt cursor delete assert Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 437/452] xfs: assert in xfs_btree_del_cursor should take into account error Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 438/452] kseltest/cgroup: Make test_stress.sh work if run interactively Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 439/452] thermal/core: fix a UAF bug in __thermal_cooling_device_register() Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 440/452] thermal/core: Fix memory leak in the error path Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 441/452] bfq: Avoid merging queues with different parents Greg Kroah-Hartman
2022-06-07 17:04 ` [PATCH 5.10 442/452] bfq: Drop pointless unlock-lock pair Greg Kroah-Hartman
2022-06-07 17:05 ` [PATCH 5.10 443/452] bfq: Remove pointless bfq_init_rq() calls Greg Kroah-Hartman
2022-06-07 17:05 ` [PATCH 5.10 444/452] bfq: Get rid of __bio_blkcg() usage Greg Kroah-Hartman
2022-06-07 17:05 ` [PATCH 5.10 445/452] bfq: Make sure bfqg for which we are queueing requests is online Greg Kroah-Hartman
2022-06-07 17:05 ` [PATCH 5.10 446/452] block: fix bio_clone_blkg_association() to associate with proper blkcg_gq Greg Kroah-Hartman
2022-06-07 17:05 ` [PATCH 5.10 447/452] Revert "random: use static branch for crng_ready()" Greg Kroah-Hartman
2022-06-07 17:05 ` [PATCH 5.10 448/452] RDMA/rxe: Generate a completion for unsupported/invalid opcode Greg Kroah-Hartman
2022-06-07 17:05 ` [PATCH 5.10 449/452] MIPS: IP27: Remove incorrect `cpu_has_fpu override Greg Kroah-Hartman
2022-06-07 17:05 ` [PATCH 5.10 450/452] MIPS: IP30: " Greg Kroah-Hartman
2022-06-07 17:05 ` [PATCH 5.10 451/452] ext4: only allow test_dummy_encryption when supported Greg Kroah-Hartman
2022-06-07 17:05 ` [PATCH 5.10 452/452] md: bcache: check the return value of kzalloc() in detached_dev_do_request() Greg Kroah-Hartman
2022-06-07 19:39 ` [PATCH 5.10 000/452] 5.10.121-rc1 review Pavel Machek
2022-06-08 1:29 ` Shuah Khan
2022-06-08 10:11 ` Sudip Mukherjee
2022-06-08 13:29 ` Fox Chen
2022-06-08 16:55 ` Naresh Kamboju
2022-06-08 23:50 ` Guenter Roeck
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).